Xpdf

by Xpdf

CVEs (171)

  • CVE-2019-10019 (Mar 24, 2019)
    risk 0.00 cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

  • CVE-2019-10018 (Mar 24, 2019)
    risk 0.00 cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

  • CVE-2019-9878 (Mar 19, 2019)
    risk 0.00 cvss epss 0.01

    There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of…

  • CVE-2019-9877 (Mar 19, 2019)
    risk 0.00 cvss epss 0.01

    There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation…

  • CVE-2019-9587 (Mar 6, 2019)
    risk 0.00 cvss epss 0.01

    There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other…

  • CVE-2019-9589 (Mar 6, 2019)
    risk 0.00 cvss epss 0.01

    There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault)…

  • CVE-2019-9588 (Mar 6, 2019)
    risk 0.00 cvss epss 0.01

    There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified…

  • CVE-2018-18651 (Oct 25, 2018)
    risk 0.00 cvss epss 0.01

    An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the…

  • CVE-2018-18650 (Oct 25, 2018)
    risk 0.00 cvss epss 0.01

    An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a…

  • CVE-2018-18455 (Oct 18, 2018)
    risk 0.00 cvss epss 0.01

    The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18457 (Oct 18, 2018)
    risk 0.00 cvss epss 0.01

    The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18456 (Oct 18, 2018)
    risk 0.00 cvss epss 0.01

    The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18458 (Oct 18, 2018)
    risk 0.00 cvss epss 0.01

    The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18454 (Oct 18, 2018)
    risk 0.00 cvss epss 0.01

    CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18459 (Oct 18, 2018)
    risk 0.00 cvss epss 0.01

    The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2013-4472 (Apr 22, 2014)
    risk 0.00 cvss epss 0.00

    The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

  • CVE-2011-1554 (Mar 31, 2011)
    risk 0.00 cvss epss 0.05

    Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer…

  • CVE-2010-3704 (Nov 5, 2010)
    risk 0.00 cvss epss 0.04

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly…

  • CVE-2010-3702 (Nov 5, 2010)
    risk 0.00 cvss epss 0.03

    The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an…

  • CVE-2009-4035 (Dec 21, 2009)
    risk 0.00 cvss epss 0.04

    The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via…
