彙總 freedesktop.org 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 記憶體損壞、輸入驗證問題、路徑處理缺陷與跨站腳本,在 生產負載與軟體部署 使用場景中可能帶來 異常行為、檔案覆寫與工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-46470 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_audio_caps function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero. | [email protected] | 4.0 | 0.01% | 2026-05-14 | 2026-05-19 |
| CVE-2026-46469 | An issue was discovered in GStreamer gst-plugins-good before 1.28.2. When parsing MP4 audio tracks, the isomp4 plugin's qtdemux_parse_trak function does not sufficiently validate atom data before performing division operations, leading to denial of service due to integer division by zero. | [email protected] | 4.0 | 0.01% | 2026-05-14 | 2026-05-19 |
| CVE-2026-35094 | A flaw was found in libinput. An attacker capable of deploying a Lua plugin file in specific system directories can exploit a dangling pointer vulnerability. This occurs when a garbage collection cleanup function is called, leaving a pointer that can then be printed to system logs. This could potentially expose sensitive data if the memory location is re-used, leading to information disclosure. For this exploit to work, Lua plugins must be enabled in libinput and loaded by the compositor. | [email protected] | 3.3 | 0.01% | 2026-04-01 | 2026-04-07 |
| CVE-2026-35093 | A flaw was found in libinput. A local attacker who can place a specially crafted Lua bytecode file in certain system or user configuration directories can bypass security restrictions. This allows the attacker to run unauthorized code with the same permissions as the program using libinput, such as a graphical compositor. This could lead to the attacker monitoring keyboard input and sending that information to an external location. | [email protected] | 8.8 | 0.01% | 2026-04-01 | 2026-04-07 |
| CVE-2026-4897 | A flaw was found in polkit. A local user can exploit this by providing a specially crafted, excessively long input to the `polkit-agent-helper-1` setuid binary via standard input (stdin). This unbounded input can lead to an out-of-memory (OOM) condition, resulting in a Denial of Service (DoS) for the system. | [email protected] | 5.5 | 0.01% | 2026-03-26 | 2026-04-21 |
| CVE-2026-1940 | An incomplete fix for CVE-2024-47778 allows an out-of-bounds read in gst_wavparse_adtl_chunk() function. The patch added a size validation check lsize + 8 > size, but it does not account for the GST_ROUND_UP_2(lsize) used in the actual offset calculation. When lsize is an odd number, the parser advances more bytes than validated, causing OOB read. | [email protected] | 5.1 | 0.05% | 2026-03-23 | 2026-05-04 |
| CVE-2026-26104 | A flaw was found in the udisks storage management daemon that allows unprivileged users to back up LUKS encryption headers without authorization. The issue occurs because a privileged D-Bus method responsible for exporting encryption metadata does not perform a policy check. As a result, sensitive cryptographic metadata can be read and written to attacker-controlled locations. This weakens the confidentiality guarantees of encrypted storage volumes. | [email protected] | 5.5 | 0.01% | 2026-02-25 | 2026-03-25 |
| CVE-2026-26103 | A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block devices. This can permanently invalidate encryption keys and render encrypted volumes inaccessible. Successful exploitation results in a denial-of-service condition through irreversible data loss. | [email protected] | 7.1 | 0.01% | 2026-02-25 | 2026-03-25 |
| CVE-2025-50420 | An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS). | [email protected] | 6.5 | 0.17% | 2025-08-04 | 2025-10-09 |
| CVE-2025-52886 | Poppler is a PDF rendering library. Versions prior to 25.06.0 use `std::atomic_int` for reference counting. Because `std::atomic_int` is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue. | [email protected] | 5.5 | 0.28% | 2025-07-02 | 2025-11-04 |
| CVE-2025-43903 | NSSCryptoSignBackend.cc in Poppler before 25.04.0 does not verify the adbe.pkcs7.sha1 signatures on documents, resulting in potential signature forgeries. | [email protected] | 4.3 | 0.01% | 2025-04-18 | 2025-10-06 |
| CVE-2025-32365 | Poppler before 25.04.0 allows crafted input files to trigger out-of-bounds reads in the JBIG2Bitmap::combine function in JBIG2Stream.cc because of a misplaced isOk check. | [email protected] | 4.0 | 0.07% | 2025-04-05 | 2025-11-03 |
| CVE-2025-32364 | A floating-point exception in the PSStack::roll function of Poppler before 25.04.0 can cause an application to crash when handling malformed inputs associated with INT_MIN. | [email protected] | 4.0 | 0.07% | 2025-04-05 | 2025-11-03 |
| CVE-2024-56378 | libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. | [email protected] | 4.3 | 0.33% | 2024-12-23 | 2025-11-03 |
| CVE-2024-6239 | A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. | [email protected] | 7.5 | 0.13% | 2024-06-21 | 2024-11-21 |
| CVE-2022-38349 | An issue was discovered in Poppler 22.08.0. There is a reachable assertion in Object.h, will lead to denial of service because PDFDoc::replacePageDict in PDFDoc.cc lacks a stream check before saving an embedded file. | [email protected] | 6.5 | 0.02% | 2023-08-22 | 2025-11-03 |
| CVE-2022-37052 | A reachable Object::getString assertion in Poppler 22.07.0 allows attackers to cause a denial of service due to a failure in markObject. | [email protected] | 6.5 | 0.03% | 2023-08-22 | 2025-11-03 |
| CVE-2022-37051 | An issue was discovered in Poppler 22.07.0. There is a reachable abort which leads to denial of service because the main function in pdfunite.cc lacks a stream check before saving an embedded file. | [email protected] | 6.5 | 0.04% | 2023-08-22 | 2025-11-03 |
| CVE-2022-37050 | In Poppler 22.07.0, PDFDoc::savePageAs in PDFDoc.c callows attackers to cause a denial-of-service (application crashes with SIGABRT) by crafting a PDF file in which the xref data structure is mishandled in getCatalog processing. Note that this vulnerability is caused by the incomplete patch of CVE-2018-20662. | [email protected] | 6.5 | 0.06% | 2023-08-22 | 2025-11-03 |
| CVE-2020-23804 | Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input. | [email protected] | 7.5 | 0.26% | 2023-08-22 | 2024-11-21 |