GCVE - cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:poppler:0.23.2:*:*:*:*:*:*:*

part: a version: 0.23.2 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Poppler (`b2e9eefd-0d12-5535-9c38-bc4de43f056e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.991975
`pkg:deb/ubuntu/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.991977
`pkg:freedesktop/poppler/poppler`	purl2cpe	2026-06-01 10:14:03.991978
`pkg:github/freedesktop/poppler`	purl2cpe	2026-06-01 10:14:03.991979
`pkg:rpm/fedora/poppler`	purl2cpe	2026-06-01 10:14:03.991981
`pkg:rpm/opensuse/poppler`	purl2cpe	2026-06-01 10:14:03.991982

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2017-7511`	vulnerable	2026-06-03 14:37:32.307329	Details available poppler since version 0.17.3 has been vulnerable to NULL pointer dereference in pdfunite triggered by specially crafted documents. Published: 2017-05-30T18:00:00.000Z Updated: 2024-08-05T16:04:11.847Z Open on db.gcve.eu Reference links https://security.gentoo.org/glsa/201801-17 https://cgit.freedesktop.org/poppler/poppler/commit/?id=5c9b08a875b07853be6c44e43ff5f7f059df666a	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-7296`	vulnerable	2026-06-03 14:33:35.000847	Details available The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial of service (segmentation fault and application crash) via a crafted PDF file. Published: 2014-01-26T01:00:00.000Z Updated: 2024-08-06T18:01:20.423Z Open on db.gcve.eu Reference links http://lists.fedoraproject.org/pipermail/package-announce/2014-January/125710.html http://secunia.com/advisories/56567 http://seclists.org/oss-sec/2014/q1/105 http://security.gentoo.org/glsa/glsa-201401-21.xml http://cgit.freedesktop.org/poppler/poppler/commit/?id=58e04a08afee39370283c494ee2e4e392fd3b684	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4474`	vulnerable	2026-06-03 14:33:17.110697	Details available Format string vulnerability in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.3 allows remote attackers to cause a denial of service (crash) via format string specifiers in a destination filename. Published: 2013-11-23T11:00:00.000Z Updated: 2024-08-06T16:45:14.323Z Open on db.gcve.eu Reference links http://bugs.debian.org/723124 http://cgit.freedesktop.org/poppler/poppler/commit/?id=61f79b8447c3ac8ab5a26e79e0c28053ffdccf75 http://secunia.com/advisories/56567 http://security.gentoo.org/glsa/glsa-201401-21.xml http://www.securityfocus.com/bid/63374	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4473`	vulnerable	2026-06-03 14:33:17.104635	Details available Stack-based buffer overflow in the extractPages function in utils/pdfseparate.cc in poppler before 0.24.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a source filename. Published: 2013-11-23T11:00:00.000Z Updated: 2024-08-06T16:45:14.622Z Open on db.gcve.eu Reference links http://bugs.debian.org/723124 http://secunia.com/advisories/56567 http://security.gentoo.org/glsa/glsa-201401-21.xml https://bugs.freedesktop.org/show_bug.cgi?id=69434 http://www.ubuntu.com/usn/USN-2958-1	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.