Xpdf
by Xpdf
CVEs (171)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14289 | | | 0.00 | — | 0.01 | | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. |
| CVE-2019-14288 | | | 0.00 | — | 0.01 | | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. |
| CVE-2019-13291 | | | 0.00 | — | 0.01 | | Jul 4, 2019 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. |
| CVE-2019-13289 | | | 0.00 | — | 0.01 | | Jul 4, 2019 | In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. |
| CVE-2019-13287 | | | 0.00 | — | 0.01 | | Jul 4, 2019 | In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information… |
| CVE-2019-13283 | | | 0.00 | — | 0.01 | | Jul 4, 2019 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF… |
| CVE-2019-13282 | | | 0.00 | — | 0.01 | | Jul 4, 2019 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted… |
| CVE-2019-13281 | | | 0.00 | — | 0.01 | | Jul 4, 2019 | In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file… |
| CVE-2019-12958 | | | 0.00 | — | 0.01 | | Jun 24, 2019 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. |
| CVE-2019-12957 | | | 0.00 | — | 0.01 | | Jun 24, 2019 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an… |
| CVE-2019-12515 | | | 0.00 | — | 0.01 | | Jun 1, 2019 | There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a… |
| CVE-2019-12493 | | | 0.00 | — | 0.01 | | May 31, 2019 | A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops… |
| CVE-2019-12360 | | | 0.00 | — | 0.01 | | May 27, 2019 | A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak… |
| CVE-2019-10026 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. |
| CVE-2019-10025 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. |
| CVE-2019-10024 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. |
| CVE-2019-10023 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. |
| CVE-2019-10022 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. |
| CVE-2019-10021 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. |
| CVE-2019-10020 | | | 0.00 | — | 0.01 | | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. |