GCVE - cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:poppler:0.59.0:*:*:*:*:*:*:*

part: a version: 0.59.0 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Poppler (`b2e9eefd-0d12-5535-9c38-bc4de43f056e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.992517
`pkg:deb/ubuntu/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.992518
`pkg:freedesktop/poppler/poppler`	purl2cpe	2026-06-01 10:14:03.992520
`pkg:github/freedesktop/poppler`	purl2cpe	2026-06-01 10:14:03.992521
`pkg:rpm/fedora/poppler`	purl2cpe	2026-06-01 10:14:03.992522
`pkg:rpm/opensuse/poppler`	purl2cpe	2026-06-01 10:14:03.992524

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-15565`	vulnerable	2026-06-03 14:36:46.422100	Details available In Poppler 0.59.0, a NULL Pointer Dereference exists in the GfxImageColorMap::getGrayLine() function in GfxState.cc via a crafted PDF document. Published: 2017-10-17T22:00:00.000Z Updated: 2024-08-05T19:57:27.011Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=103016 https://www.debian.org/security/2018/dsa-4079 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14977`	vulnerable	2026-06-03 14:36:45.094138	Details available The FoFiTrueType::getCFFBlock function in FoFiTrueType.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability due to lack of validation of a table pointer, which allows an attacker to launch a denial of service attack. Published: 2017-10-01T23:00:00.000Z Updated: 2024-08-05T19:42:22.341Z Open on db.gcve.eu Reference links https://www.debian.org/security/2018/dsa-4079 https://bugs.freedesktop.org/show_bug.cgi?id=103045 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14976`	vulnerable	2026-06-03 14:36:45.093588	Details available The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a heap-based buffer over-read vulnerability if an out-of-bounds font dictionary index is encountered, which allows an attacker to launch a denial of service attack. Published: 2017-10-01T23:00:00.000Z Updated: 2024-08-05T19:42:22.313Z Open on db.gcve.eu Reference links https://cgit.freedesktop.org/poppler/poppler/commit/?id=da63c35549e8852a410946ab016a3f25ac701bdf https://www.debian.org/security/2018/dsa-4079 https://bugzilla.freedesktop.org/show_bug.cgi?id=102724 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14975`	vulnerable	2026-06-03 14:36:45.091409	Details available The FoFiType1C::convertToType0 function in FoFiType1C.cc in Poppler 0.59.0 has a NULL pointer dereference vulnerability because a data structure is not initialized, which allows an attacker to launch a denial of service attack. Published: 2017-10-01T23:00:00.000Z Updated: 2024-08-05T19:42:22.353Z Open on db.gcve.eu Reference links https://bugzilla.freedesktop.org/show_bug.cgi?id=102653 https://www.debian.org/security/2018/dsa-4079 https://lists.debian.org/debian-lts-announce/2017/11/msg00023.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14929`	vulnerable	2026-06-03 14:36:45.013025	Details available In Poppler 0.59.0, memory corruption occurs in a call to Object::dictLookup() in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opFill, Gfx::doPatternFill, Gfx::doTilingPatternFill and Gfx::drawForm calls (aka a Gfx.cc infinite loop), a different vulnerability than CVE-2017-14519. Published: 2017-09-29T07:00:00.000Z Updated: 2024-08-05T19:42:22.287Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102969 https://www.debian.org/security/2018/dsa-4097	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14928`	vulnerable	2026-06-03 14:36:45.012605	Details available In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Configuration::Configuration in Annot.cc via a crafted PDF document. Published: 2017-09-29T07:00:00.000Z Updated: 2024-08-05T19:42:22.257Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102607 https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14927`	vulnerable	2026-06-03 14:36:45.012175	Details available In Poppler 0.59.0, a NULL Pointer Dereference exists in the SplashOutputDev::type3D0() function in SplashOutputDev.cc via a crafted PDF document. Published: 2017-09-29T07:00:00.000Z Updated: 2024-08-05T19:42:22.176Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102604	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14926`	vulnerable	2026-06-03 14:36:45.011631	Details available In Poppler 0.59.0, a NULL Pointer Dereference exists in AnnotRichMedia::Content::Content in Annot.cc via a crafted PDF document. Published: 2017-09-29T07:00:00.000Z Updated: 2024-08-05T19:42:22.238Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102601 https://lists.debian.org/debian-lts-announce/2020/11/msg00014.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14617`	vulnerable	2026-06-03 14:36:39.594768	Details available In Poppler 0.59.0, a floating point exception occurs in the ImageStream class in Stream.cc, which may lead to a potential attack when handling malicious PDF files. Published: 2017-09-20T21:00:00.000Z Updated: 2024-09-16T18:19:50.612Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102854	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14520`	vulnerable	2026-06-03 14:36:39.381686	Details available In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd() in Splash.cc, which may lead to a potential attack when handling malicious PDF files. Published: 2017-09-17T23:00:00.000Z Updated: 2024-08-05T19:27:40.754Z Open on db.gcve.eu Reference links https://www.debian.org/security/2018/dsa-4079 https://bugs.freedesktop.org/show_bug.cgi?id=102719	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14519`	vulnerable	2026-06-03 14:36:39.381398	Details available In Poppler 0.59.0, memory corruption occurs in a call to Object::streamGetChar in Object.h after a repeating series of Gfx::display, Gfx::go, Gfx::execOp, Gfx::opShowText, and Gfx::doShowText calls (aka a Gfx.cc infinite loop). Published: 2017-09-17T23:00:00.000Z Updated: 2024-08-05T19:27:40.895Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102701 https://www.debian.org/security/2018/dsa-4079	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14518`	vulnerable	2026-06-03 14:36:39.381069	Details available In Poppler 0.59.0, a floating point exception exists in the isImageInterpolationRequired() function in Splash.cc via a crafted PDF document. Published: 2017-09-17T23:00:00.000Z Updated: 2024-08-05T19:27:40.811Z Open on db.gcve.eu Reference links https://www.debian.org/security/2018/dsa-4079 https://bugs.freedesktop.org/show_bug.cgi?id=102688	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2017-14517`	vulnerable	2026-06-03 14:36:39.380683	Details available In Poppler 0.59.0, a NULL Pointer Dereference exists in the XRef::parseEntry() function in XRef.cc via a crafted PDF document. Published: 2017-09-17T23:00:00.000Z Updated: 2024-08-05T19:27:40.746Z Open on db.gcve.eu Reference links https://bugs.freedesktop.org/show_bug.cgi?id=102687 https://www.debian.org/security/2018/dsa-4079 http://www.securityfocus.com/bid/105050	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.