poppler

Top products

The 15 most recently published vulnerabilities affecting poppler.

• CVE-2025-52885GHSL-2025-042: Poppler has Use-After-Free7.3Oct 10, 2025
• CVE-2025-52886Poppler Use After Free Vulnerability5.9Jul 2, 2025
• CVE-2012-2142The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.7.8Jan 9, 2020
• CVE-2010-4654poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack.7.8Nov 13, 2019
• CVE-2010-4653An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.6.5Nov 13, 2019
• CVE-2010-0207In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.5.5Oct 30, 2019
• CVE-2017-2820An exploitable integer overflow vulnerability exists in the JPEG 2000 image parsing functionality of freedesktop.org Poppler 0.53.0. A specially crafted PDF file can lead to an integer overflow cau...8.8Jul 12, 2017
• CVE-2017-2818An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted PDF can cause an overly large number of color components during imag...7.5Jul 12, 2017
• CVE-2017-2814An exploitable heap overflow vulnerability exists in the image rendering functionality of Poppler 0.53.0. A specifically crafted pdf can cause an image resizing after allocation has already occurre...7.5Jul 12, 2017
• CVE-2017-7511poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents.5.5May 30, 2017
• CVE-2010-3704The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows ...6.8Nov 5, 2010
• CVE-2010-3703The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-d...4.3Nov 5, 2010
• CVE-2009-3938Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, al...6.8Nov 13, 2009
• CVE-2009-3605Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related t...6.8Nov 2, 2009
• CVE-2009-3609Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers...4.3Oct 21, 2009