Vendor
Xpdf
Xpdf is a free and open-source PDF viewer and toolkit based on the Qt framework. Versions prior to 4.00 were written for the X Window System and Motif.
Products
1
CVEs
43
Across products
159
Status
Private
Products
1- 159 CVEs
Recent CVEs
43| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2003-0434 | 0.05 | — | 0.26 | Jul 24, 2003 | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. | ||
| CVE-2007-4352 | 0.02 | — | 0.25 | Nov 8, 2007 | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. | ||
| CVE-2007-0104 | 0.02 | — | 0.19 | Jan 9, 2007 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. | ||
| CVE-2007-5392 | 0.01 | — | 0.07 | Nov 8, 2007 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. | ||
| CVE-2007-5393 | 0.01 | — | 0.14 | Nov 8, 2007 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. | ||
| CVE-2005-3624 | 0.01 | — | 0.07 | Dec 31, 2005 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | ||
| CVE-2005-3625 | 0.01 | — | 0.11 | Dec 31, 2005 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | ||
| CVE-2005-3626 | 0.01 | — | 0.09 | Dec 31, 2005 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | ||
| CVE-2005-3192 | 0.01 | — | 0.12 | Dec 8, 2005 | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. | ||
| CVE-2005-0064 | 0.01 | — | 0.08 | May 2, 2005 | Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. | ||
| CVE-2005-0206 | 0.01 | — | 0.07 | Apr 27, 2005 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. | ||
| CVE-2004-1125 | 0.01 | — | 0.07 | Jan 10, 2005 | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | ||
| CVE-2026-4407 | 0.00 | — | 0.00 | Mar 18, 2026 | Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces. | ||
| CVE-2024-7868 | 0.00 | — | 0.00 | Aug 15, 2024 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | ||
| CVE-2024-7867 | 0.00 | — | 0.00 | Aug 15, 2024 | In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | ||
| CVE-2024-7866 | 0.00 | — | 0.00 | Aug 15, 2024 | In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. | ||
| CVE-2024-4976 | 0.00 | — | 0.00 | May 15, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference. | ||
| CVE-2024-4568 | 0.00 | — | 0.00 | May 6, 2024 | In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow. | ||
| CVE-2024-4141 | 0.00 | — | 0.00 | Apr 24, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. | ||
| CVE-2024-3900 | 0.00 | — | 0.00 | Apr 17, 2024 | Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. |