VYPR

Vendor CVEs

Xpdf

All CVEs

172 total · sorted by risk
  • CVE-2023-3044Jun 2, 2023
    risk 0.00cvss epss 0.00

    An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large…

  • CVE-2023-2664May 11, 2023
    risk 0.00cvss epss 0.00

     In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.

  • CVE-2023-2663May 11, 2023
    risk 0.00cvss epss 0.00

     In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.

  • CVE-2023-2662May 11, 2023
    risk 0.00cvss epss 0.00

    In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.

  • CVE-2023-26930Apr 26, 2023
    risk 0.00cvss epss 0.00

    Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”

  • CVE-2022-45586Feb 15, 2023
    risk 0.00cvss epss 0.00

    Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.

  • CVE-2022-45587Feb 15, 2023
    risk 0.00cvss epss 0.00

    Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.

  • CVE-2021-36493Feb 3, 2023
    risk 0.00cvss epss 0.01

    Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.

  • CVE-2022-43071Nov 15, 2022
    risk 0.00cvss epss 0.00

    A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

  • CVE-2022-43295Nov 14, 2022
    risk 0.00cvss epss 0.00

    XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.

  • CVE-2021-40226Nov 10, 2022
    risk 0.00cvss epss 0.01

    xpdfreader 4.03 is vulnerable to Buffer Overflow.

  • CVE-2022-41842Sep 30, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

  • CVE-2022-41843Sep 30, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.

  • CVE-2022-41844Sep 30, 2022
    risk 0.00cvss epss 0.00

    An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

  • CVE-2022-38928Sep 21, 2022
    risk 0.00cvss epss 0.00

    XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.

  • CVE-2022-38334Sep 15, 2022
    risk 0.00cvss epss 0.00

    XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

  • CVE-2022-36561Aug 30, 2022
    risk 0.00cvss epss 0.00

    XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

  • CVE-2022-24106Aug 30, 2022
    risk 0.00cvss epss 0.00

    In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

  • CVE-2022-24107Aug 30, 2022
    risk 0.00cvss epss 0.00

    Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

  • CVE-2022-38171Aug 22, 2022
    risk 0.00cvss epss 0.00

    Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the…

  • CVE-2022-38238Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.

  • CVE-2022-38237Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.

  • CVE-2022-38236Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.

  • CVE-2022-38235Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.

  • CVE-2022-38234Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.

  • CVE-2022-38233Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.

  • CVE-2022-38231Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.

  • CVE-2022-38230Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.

  • CVE-2022-38229Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.

  • CVE-2022-38228Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.

  • CVE-2022-38227Aug 16, 2022
    risk 0.00cvss epss 0.00

    XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.

  • CVE-2022-38222Aug 15, 2022
    risk 0.00cvss epss 0.00

    There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

  • CVE-2022-33108Jun 28, 2022
    risk 0.00cvss epss 0.01

    XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

  • CVE-2021-27548May 18, 2022
    risk 0.00cvss epss 0.01

    There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

  • CVE-2022-30775May 16, 2022
    risk 0.00cvss epss 0.01

    xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

  • CVE-2022-30524May 9, 2022
    risk 0.00cvss epss 0.02

    There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote…

  • CVE-2022-27135Apr 25, 2022
    risk 0.00cvss epss 0.01

    xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

  • CVE-2020-35376Dec 26, 2020
    risk 0.00cvss epss 0.02

    Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.

  • CVE-2020-25725Nov 21, 2020
    risk 0.00cvss epss 0.01

    In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where…

  • CVE-2020-24996Sep 3, 2020
    risk 0.00cvss epss 0.01

    There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation…

  • CVE-2020-24999Sep 3, 2020
    risk 0.00cvss epss 0.01

    There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified…

  • CVE-2010-0206Oct 30, 2019
    risk 0.00cvss epss 0.01

    xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.

  • CVE-2019-17064Oct 1, 2019
    risk 0.00cvss epss 0.01

    Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

  • CVE-2019-16927Sep 27, 2019
    risk 0.00cvss epss 0.01

    Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.

  • CVE-2019-16115Sep 8, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted…

  • CVE-2019-16088Sep 6, 2019
    risk 0.00cvss epss 0.01

    Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.

  • CVE-2019-14294Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.

  • CVE-2019-14293Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.

  • CVE-2019-14292Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.

  • CVE-2019-14291Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.