Xpdf

All CVEs

172 total · sorted by risk
  • CVE-2018-11033 · High · May 14, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.

  • CVE-2018-8100 · High · Mar 14, 2018
    risk 0.51 · cvss 7.8 · epss 0.01

    The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-16369 · Med · Sep 3, 2018
    risk 0.36 · cvss 5.5 · epss 0.02

    XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.

  • CVE-2018-16368 · Med · Sep 3, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-8107 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-8106 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-8105 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-8104 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-8103 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-8102 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-8101 · Med · Mar 14, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-7455 · Med · Feb 24, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-7454 · Med · Feb 24, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-7453 · Med · Feb 24, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.

  • CVE-2018-7452 · Med · Feb 24, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

  • CVE-2018-7175 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.

  • CVE-2018-7174 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.

  • CVE-2018-7173 · Med · Feb 15, 2018
    risk 0.36 · cvss 5.5 · epss 0.01

    A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

  • CVE-2011-2902 · Med · Jan 30, 2018
    risk 0.35 · cvss 5.3 · epss 0.01

    zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name.

  • CVE-2025-11896 · Low · Oct 16, 2025
    risk 0.14 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.

  • CVE-2025-3154 · Low · Apr 2, 2025
    risk 0.14 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.

  • CVE-2025-2574 · Low · Mar 20, 2025
    risk 0.14 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.

  • CVE-2003-0434 · Jul 24, 2003
    risk 0.06 · cvss n/a · epss 0.41

    Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.

  • CVE-2019-13288 · Jul 4, 2019
    risk 0.03 · cvss n/a · epss 0.05

    In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

  • CVE-2011-1552 · Mar 31, 2011
    risk 0.01 · cvss n/a · epss 0.10

    t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than…

  • CVE-2009-3608 · Oct 21, 2009
    risk 0.01 · cvss n/a · epss 0.10

    Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that…

  • CVE-2009-3604 · Oct 21, 2009
    risk 0.01 · cvss n/a · epss 0.09

    The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary…

  • CVE-2009-3603 · Oct 21, 2009
    risk 0.01 · cvss n/a · epss 0.09

    Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are…

  • CVE-2009-1188 · Apr 23, 2009
    risk 0.01 · cvss n/a · epss 0.07

    Integer overflow in the JBIG2 decoding feature in the SplashBitmap::SplashBitmap function in SplashBitmap.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.10.6, as used in GPdf and kdegraphics KPDF, allows remote attackers to execute arbitrary code or cause a denial of service…

  • CVE-2009-1182 · Apr 23, 2009
    risk 0.01 · cvss n/a · epss 0.07

    Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2007-5392 · Nov 8, 2007
    risk 0.01 · cvss n/a · epss 0.06

    Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.

  • CVE-2007-5393 · Nov 8, 2007
    risk 0.01 · cvss n/a · epss 0.06

    Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.

  • CVE-2007-4352 · Nov 8, 2007
    risk 0.01 · cvss n/a · epss 0.07

    Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.

  • CVE-2007-3387 · Jul 30, 2007
    risk 0.01 · cvss n/a · epss 0.09

    Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted…

  • CVE-2005-0064 · May 2, 2005
    risk 0.01 · cvss n/a · epss 0.07

    Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

  • CVE-2004-0888 · Jan 27, 2005
    risk 0.01 · cvss n/a · epss 0.09

    Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by…

  • CVE-2004-1125 · Jan 10, 2005
    risk 0.01 · cvss n/a · epss 0.07

    Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary…

  • CVE-2026-4407 · Mar 18, 2026
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.

  • CVE-2024-7868 · Aug 15, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.

  • CVE-2024-7867 · Aug 15, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.

  • CVE-2024-7866 · Aug 15, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.

  • CVE-2024-4976 · May 15, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.

  • CVE-2024-4568 · May 6, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.

  • CVE-2024-4141 · Apr 24, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.

  • CVE-2024-3900 · Apr 17, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.

  • CVE-2024-3248 · Apr 2, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.

  • CVE-2024-3247 · Apr 2, 2024
    risk 0.00 · cvss n/a · epss 0.00

    In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.

  • CVE-2024-2971 · Mar 26, 2024
    risk 0.00 · cvss n/a · epss 0.00

    Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.

  • CVE-2022-48545 · Aug 22, 2023
    risk 0.00 · cvss n/a · epss 0.00

    An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.

  • CVE-2023-3436 · Jun 27, 2023
    risk 0.00 · cvss n/a · epss 0.00

    Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.

Page 1 of 4