GCVE - cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:freedesktop:poppler:22.07.0:*:*:*:*:*:*:*

part: a version: 22.07.0 update: *

Vendor	Freedesktop (`2c544e5d-e68e-5b35-a616-dc08f0ba697e`)
Product	Poppler (`b2e9eefd-0d12-5535-9c38-bc4de43f056e`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.993090
`pkg:deb/ubuntu/libpoppler-dev`	purl2cpe	2026-06-01 10:14:03.993092
`pkg:freedesktop/poppler/poppler`	purl2cpe	2026-06-01 10:14:03.993093
`pkg:github/freedesktop/poppler`	purl2cpe	2026-06-01 10:14:03.993094
`pkg:rpm/fedora/poppler`	purl2cpe	2026-06-01 10:14:03.993096
`pkg:rpm/opensuse/poppler`	purl2cpe	2026-06-01 10:14:03.993097

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-37052`	vulnerable	2026-06-03 14:47:41.453797	Details available A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. Published: 2023-08-22T00:00:00.000Z Updated: 2025-11-03T19:27:20.326Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/-/issues/1278 https://gitlab.freedesktop.org/poppler/poppler/-/commit/8677500399fc2548fa816b619580c2c07915a98c	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37051`	vulnerable	2026-06-03 14:47:41.453451	Details available An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. Published: 2023-08-22T00:00:00.000Z Updated: 2025-11-03T19:27:18.939Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/-/issues/1276 https://gitlab.freedesktop.org/poppler/poppler/-/commit/4631115647c1e4f0482ffe0491c2f38d2231337b https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2022-37050`	vulnerable	2026-06-03 14:47:41.453011	Details available In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. Published: 2023-08-22T00:00:00.000Z Updated: 2025-11-03T19:27:17.566Z Open on db.gcve.eu Reference links https://gitlab.freedesktop.org/poppler/poppler/-/issues/1274 https://gitlab.freedesktop.org/poppler/poppler/-/commit/dcd5bd8238ea448addd102ff045badd0aca1b990 https://lists.debian.org/debian-lts-announce/2023/10/msg00022.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.