{"id":"CVE-2023-34872","details":"A vulnerability in Outline.cc for Poppler prior to 23.06.0 allows a remote attacker to cause a Denial of Service (DoS) (crash) via a crafted PDF file in OutlineItem::open.","modified":"2026-04-16T04:38:30.196062054Z","published":"2023-07-31T14:15:10.427Z","related":["SUSE-SU-2023:4291-1","SUSE-SU-2023:4363-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3XXL3L6RJOTLGCN7GLH2OLLNF4FJ4T7I/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JQ3NYJ43U2MA7COKGMJDARZUAAOP45D4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SFBT75QHBWNMSDAHSXZQ2I3PBJWID36K/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W3H3GOWFE3C7543GMEN7LY4GWMWJ7D2G/"},{"type":"REPORT","url":"https://gitlab.freedesktop.org/poppler/poppler/-/issues/1399"},{"type":"FIX","url":"https://gitlab.freedesktop.org/poppler/poppler/-/commit/591235c8b6c65a2eee88991b9ae73490fd9afdfe"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.freedesktop.org/poppler/poppler","events":[{"introduced":"0"},{"fixed":"448def49276c2ea89d3fcbdbcda461ed8602f77e"},{"fixed":"591235c8b6c65a2eee88991b9ae73490fd9afdfe"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"23.06.0"}]}}],"versions":["poppler-0.10.0","poppler-0.11.0","poppler-0.11.1","poppler-0.11.2","poppler-0.11.3","poppler-0.12.0","poppler-0.13.1","poppler-0.13.2","poppler-0.13.3","poppler-0.13.4","poppler-0.14.0","poppler-0.15.0","poppler-0.15.1","poppler-0.15.2","poppler-0.15.3","poppler-0.16.0","poppler-0.17.0","poppler-0.17.1","poppler-0.17.2","poppler-0.17.3","poppler-0.17.4","poppler-0.18.0","poppler-0.19.0","poppler-0.19.1","poppler-0.19.2","poppler-0.19.3","poppler-0.19.4","poppler-0.2.0","poppler-0.20.0","poppler-0.21.0","poppler-0.21.1","poppler-0.21.3","poppler-0.21.4","poppler-0.22.0","poppler-0.23.0","poppler-0.23.1","poppler-0.23.2","poppler-0.23.3","poppler-0.23.4","poppler-0.24.0","poppler-0.25.0","poppler-0.25.1","poppler-0.25.2","poppler-0.25.3","poppler-0.26.0","poppler-0.28.0","poppler-0.28.1","poppler-0.29.0","poppler-0.3.0","poppler-0.3.1","poppler-0.3.2","poppler-0.3.3","poppler-0.30.0","poppler-0.31.0","poppler-0.32.0","poppler-0.33.0","poppler-0.34.0","poppler-0.35.0","poppler-0.36","poppler-0.37","poppler-0.38.0","poppler-0.39","poppler-0.4.0","poppler-0.40.0","poppler-0.41.0","poppler-0.42.0","poppler-0.43","poppler-0.44","poppler-0.45","poppler-0.46","poppler-0.47","poppler-0.48","poppler-0.49","poppler-0.5.0","poppler-0.5.1","poppler-0.5.2","poppler-0.5.3","poppler-0.5.4","poppler-0.50","poppler-0.51","poppler-0.52","poppler-0.53","poppler-0.54","poppler-0.58","poppler-0.59","poppler-0.6.0","poppler-0.6.0.RC1","poppler-0.60","poppler-0.60.1","poppler-0.61","poppler-0.61.1","poppler-0.62.0","poppler-0.63.0","poppler-0.64.0","poppler-0.65.0","poppler-0.66.0","poppler-0.67.0","poppler-0.68.0","poppler-0.69.0","poppler-0.7.0","poppler-0.7.2","poppler-0.7.3","poppler-0.70.0","poppler-0.70.1","poppler-0.71.0","poppler-0.72.0","poppler-0.73.0","poppler-0.74.0","poppler-0.75.0","poppler-0.76.0","poppler-0.76.1","poppler-0.77.0","poppler-0.78.0","poppler-0.79.0","poppler-0.8.0","poppler-0.80.0","poppler-0.81.0","poppler-0.82.0","poppler-0.83.0","poppler-0.84.0","poppler-0.85.0","poppler-0.86.0","poppler-0.86.1","poppler-0.87.0","poppler-0.88.0","poppler-0.89.0","poppler-0.9.0","poppler-0.9.1","poppler-0.9.2","poppler-0.9.3","poppler-0.90.0","poppler-0.90.1","poppler-20.08.0","poppler-20.09.0","poppler-20.10.0","poppler-20.11.0","poppler-20.12.0","poppler-20.12.1","poppler-21.01.0","poppler-21.02.0","poppler-21.03.0","poppler-21.04.0","poppler-21.05.0","poppler-21.06.0","poppler-21.06.1","poppler-21.07.0","poppler-21.08.0","poppler-21.09.0","poppler-21.10.0","poppler-21.11.0","poppler-21.12.0","poppler-22.01.0","poppler-22.02.0","poppler-22.03.0","poppler-22.04.0","poppler-22.05.0","poppler-22.06.0","poppler-22.07.0","poppler-22.08.0","poppler-22.09.0","poppler-22.10.0","poppler-22.11.0","poppler-22.12.0","poppler-23.01.0","poppler-23.02.0","poppler-23.03.0","poppler-23.04.0","poppler-23.05.0","poppler-before-fontconfig"],"database_specific":{"vanir_signatures_modified":"2026-04-12T05:13:27Z","vanir_signatures":[{"signature_version":"v1","deprecated":false,"target":{"file":"poppler/Outline.cc"},"signature_type":"Line","id":"CVE-2023-34872-052a87e3","digest":{"line_hashes":["35625750558623308352230351458397072526","184373857616747856292590674917599720888","232688056927255012942220143723711659217","179045058357070891833613213611406836504","163677711532703695125451390698642366930","58315332789970958182405206062752451473"],"threshold":0.9},"source":"https://gitlab.freedesktop.org/poppler/poppler@591235c8b6c65a2eee88991b9ae73490fd9afdfe"},{"signature_version":"v1","deprecated":false,"target":{"function":"OutlineItem::open","file":"poppler/Outline.cc"},"signature_type":"Function","id":"CVE-2023-34872-3de5e5b1","digest":{"function_hash":"117859367643787765699059183892513916194","length":188},"source":"https://gitlab.freedesktop.org/poppler/poppler@591235c8b6c65a2eee88991b9ae73490fd9afdfe"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-34872.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}