GCVE - cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:poppler:0.74.0:*:*:*:*:*:*:*

part: a version: 0.74.0 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Poppler (`b2e9eefd-0d12-5535-9c38-bc4de43f056e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.992742
`pkg:deb/ubuntu/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.992744
`pkg:freedesktop/poppler/poppler`	purl2cpe	2026-06-01 10:14:03.992745
`pkg:github/freedesktop/poppler`	purl2cpe	2026-06-01 10:14:03.992746
`pkg:rpm/fedora/poppler`	purl2cpe	2026-06-01 10:14:03.992748
`pkg:rpm/opensuse/poppler`	purl2cpe	2026-06-01 10:14:03.992749

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2019-9903`	vulnerable	2026-06-03 14:40:49.985580	Details available PDFDoc::markObject in PDFDoc.cc in Poppler 0.74.0 mishandles dict marking, leading to stack consumption in the function Dict::find() located at Dict.cc, which can (for example) be triggered by passing a crafted pdf file to the pdfunite binary. Published: 2019-03-21T17:42:50.000Z Updated: 2024-08-04T22:01:54.993Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/741 https://research.loginsoft.com/bugs/stack-based-buffer-overflows-in-dictfind-poppler-0-74-0/ http://www.securityfocus.com/bid/107560 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XWWVIYFXM74KJFIDHP4W67HR4FRF2LDE/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9631`	vulnerable	2026-06-03 14:40:49.499067	Details available Poppler 0.74.0 has a heap-based buffer over-read in the CairoRescaleBox.cc downsample_row_box_filter function. Published: 2019-03-08T05:00:00.000Z Updated: 2024-08-04T21:54:45.439Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/736 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ6RABASMSIMMWMDZTP6ZWUWZPTBSVB5/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZWP5XSUG6GNRI75NYKF53KIB2CZY6QQ6/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6OSCOYM3AMFFBJWSBWY6VJVLNE5JD7YS/ https://lists.debian.org/debian-lts-announce/2019/04/msg00011.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9545`	vulnerable	2026-06-03 14:40:49.339886	Details available An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readTextRegion() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JBIG2Bitmap::clearToZero. Published: 2019-03-01T19:00:00.000Z Updated: 2024-08-04T21:54:44.574Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/731 https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadtextregion-poppler-0-74-0/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9543`	vulnerable	2026-06-03 14:40:49.339303	Details available An issue was discovered in Poppler 0.74.0. A recursive function call, in JBIG2Stream::readGenericBitmap() located in JBIG2Stream.cc, can be triggered by sending a crafted pdf file to (for example) the pdfseparate binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to JArithmeticDecoder::decodeBit. Published: 2019-03-01T19:00:00.000Z Updated: 2024-08-04T21:54:44.475Z Open on db.gcve.eu Reference links https://research.loginsoft.com/bugs/recursive-function-call-in-function-jbig2streamreadgenericbitmap-poppler-0-74-0/ http://www.securityfocus.com/bid/107238 https://gitlab.freedesktop.org/poppler/poppler/issues/730	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-9200`	vulnerable	2026-06-03 14:40:48.835010	Details available A heap-based buffer underwrite exists in ImageStream::getLine() located at Stream.cc in Poppler 0.74.0 that can (for example) be triggered by sending a crafted PDF file to the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Published: 2019-02-26T23:00:00.000Z Updated: 2024-08-04T21:38:46.571Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/728 https://research.loginsoft.com/bugs/heap-based-buffer-underwrite-in-imagestreamgetline-poppler-0-74-0/ http://www.securityfocus.com/bid/107172 https://usn.ubuntu.com/3905-1/ https://lists.debian.org/debian-lts-announce/2019/03/msg00008.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10873`	vulnerable	2026-06-03 14:39:24.502845	Details available An issue was discovered in Poppler 0.74.0. There is a NULL pointer dereference in the function SplashClip::clipAALine at splash/SplashClip.cc. Published: 2019-04-05T03:17:06.000Z Updated: 2024-08-04T22:32:02.221Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/748 http://www.securityfocus.com/bid/107862 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/ https://usn.ubuntu.com/4042-1/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10872`	vulnerable	2026-06-03 14:39:24.502495	Details available An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function Splash::blitTransparent at splash/Splash.cc. Published: 2019-04-05T03:16:40.000Z Updated: 2024-08-04T22:32:02.087Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/750 http://www.securityfocus.com/bid/107862 https://lists.debian.org/debian-lts-announce/2019/06/msg00002.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2019-10871`	vulnerable	2026-06-03 14:39:24.501905	Details available An issue was discovered in Poppler 0.74.0. There is a heap-based buffer over-read in the function PSOutputDev::checkPageSlice at PSOutputDev.cc. Published: 2019-04-05T03:16:23.000Z Updated: 2024-08-04T22:32:02.226Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/issues/751 http://www.securityfocus.com/bid/107862 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7MAWV24KRXTFODLVT46RXI27XIQFX2QR/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YWS7NVFFCUY3YSTMEKZEJEU6JVUUBKHB/ https://access.redhat.com/errata/RHSA-2019:2713	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.