GCVE - cpe:2.3:a:freedesktop:poppler:20.12.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:poppler:20.12.1:*:*:*:*:*:*:*

part: a version: 20.12.1 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Poppler (`b2e9eefd-0d12-5535-9c38-bc4de43f056e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.993050
`pkg:deb/ubuntu/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.993051
`pkg:freedesktop/poppler/poppler`	purl2cpe	2026-06-01 10:14:03.993053
`pkg:github/freedesktop/poppler`	purl2cpe	2026-06-01 10:14:03.993054
`pkg:rpm/fedora/poppler`	purl2cpe	2026-06-01 10:14:03.993056
`pkg:rpm/opensuse/poppler`	purl2cpe	2026-06-01 10:14:03.993057

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-36024`	vulnerable	2026-06-03 14:42:33.000444	Details available An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function. Published: 2023-08-11T00:00:00.000Z Updated: 2025-11-03T19:25:35.140Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/-/issues/1016 https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-36023`	vulnerable	2026-06-03 14:42:33.000018	Details available An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function. Published: 2023-08-11T00:00:00.000Z Updated: 2025-11-03T19:25:33.770Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/-/issues/1013 https://lists.debian.org/debian-lts-announce/2023/08/msg00017.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-35702`	vulnerable	2026-06-03 14:42:32.214201	Details available DCTStream::getChars in DCTStream.cc in Poppler 20.12.1 has a heap-based buffer overflow via a crafted PDF document. NOTE: later reports indicate that this only affects builds from Poppler git clones in late December 2020, not the 20.12.1 release. In this situation, it should NOT be considered a Poppler vulnerability. However, several third-party Open Source projects directly rely on Poppler git clones made at arbitrary times, and therefore the CVE remains useful to users of those projects Published: 2020-12-25T01:02:58.000Z Updated: 2024-08-04T17:09:15.094Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/-/issues/1011	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.