Xpdf
by Xpdf
CVEs (171)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-38222 | 0.00 | — | 0.00 | Aug 15, 2022 | There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. | |||
| CVE-2022-33108 | 0.00 | — | 0.01 | Jun 28, 2022 | XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. | |||
| CVE-2021-27548 | 0.00 | — | 0.01 | May 18, 2022 | There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. | |||
| CVE-2022-30775 | 0.00 | — | 0.01 | May 16, 2022 | xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. | |||
| CVE-2022-30524 | 0.00 | — | 0.02 | May 9, 2022 | There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote… | |||
| CVE-2022-27135 | 0.00 | — | 0.01 | Apr 25, 2022 | xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. | |||
| CVE-2020-35376 | 0.00 | — | 0.02 | Dec 26, 2020 | Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | |||
| CVE-2020-25725 | 0.00 | — | 0.01 | Nov 21, 2020 | In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where… | |||
| CVE-2020-24996 | 0.00 | — | 0.01 | Sep 3, 2020 | There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation… | |||
| CVE-2020-24999 | 0.00 | — | 0.01 | Sep 3, 2020 | There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified… | |||
| CVE-2010-0206 | 0.00 | — | 0.01 | Oct 30, 2019 | xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. | |||
| CVE-2019-17064 | 0.00 | — | 0.01 | Oct 1, 2019 | Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | |||
| CVE-2019-16927 | 0.00 | — | 0.01 | Sep 27, 2019 | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |||
| CVE-2019-16115 | 0.00 | — | 0.01 | Sep 8, 2019 | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted… | |||
| CVE-2019-16088 | 0.00 | — | 0.01 | Sep 6, 2019 | Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | |||
| CVE-2019-14294 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | |||
| CVE-2019-14293 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | |||
| CVE-2019-14292 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | |||
| CVE-2019-14291 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | |||
| CVE-2019-14290 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. |
- CVE-2022-38222Aug 15, 2022risk 0.00cvss —epss 0.00
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
- CVE-2022-33108Jun 28, 2022risk 0.00cvss —epss 0.01
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
- CVE-2021-27548May 18, 2022risk 0.00cvss —epss 0.01
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
- CVE-2022-30775May 16, 2022risk 0.00cvss —epss 0.01
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
- CVE-2022-30524May 9, 2022risk 0.00cvss —epss 0.02
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote…
- CVE-2022-27135Apr 25, 2022risk 0.00cvss —epss 0.01
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
- CVE-2020-35376Dec 26, 2020risk 0.00cvss —epss 0.02
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
- CVE-2020-25725Nov 21, 2020risk 0.00cvss —epss 0.01
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where…
- CVE-2020-24996Sep 3, 2020risk 0.00cvss —epss 0.01
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation…
- CVE-2020-24999Sep 3, 2020risk 0.00cvss —epss 0.01
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified…
- CVE-2010-0206Oct 30, 2019risk 0.00cvss —epss 0.01
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
- CVE-2019-17064Oct 1, 2019risk 0.00cvss —epss 0.01
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
- CVE-2019-16927Sep 27, 2019risk 0.00cvss —epss 0.01
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
- CVE-2019-16115Sep 8, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted…
- CVE-2019-16088Sep 6, 2019risk 0.00cvss —epss 0.01
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
- CVE-2019-14294Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.
- CVE-2019-14293Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
- CVE-2019-14292Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.
- CVE-2019-14291Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.
- CVE-2019-14290Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.
Page 5 of 9