VYPR

Vendor CVEs

Xpdf

All CVEs

172 total · sorted by risk
  • CVE-2019-14290Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.

  • CVE-2019-14289Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.

  • CVE-2019-14288Jul 27, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.

  • CVE-2019-13291Jul 4, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.

  • CVE-2019-13289Jul 4, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

  • CVE-2019-13287Jul 4, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information…

  • CVE-2019-13283Jul 4, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF…

  • CVE-2019-13282Jul 4, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted…

  • CVE-2019-13281Jul 4, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file…

  • CVE-2019-12958Jun 24, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.

  • CVE-2019-12957Jun 24, 2019
    risk 0.00cvss epss 0.01

    In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an…

  • CVE-2019-12515Jun 1, 2019
    risk 0.00cvss epss 0.01

    There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a…

  • CVE-2019-12493May 31, 2019
    risk 0.00cvss epss 0.01

    A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops…

  • CVE-2019-12360May 27, 2019
    risk 0.00cvss epss 0.01

    A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak…

  • CVE-2019-10026Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

  • CVE-2019-10025Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

  • CVE-2019-10024Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

  • CVE-2019-10023Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.

  • CVE-2019-10022Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.

  • CVE-2019-10021Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.

  • CVE-2019-10020Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

  • CVE-2019-10019Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

  • CVE-2019-10018Mar 24, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

  • CVE-2019-9878Mar 19, 2019
    risk 0.00cvss epss 0.01

    There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of…

  • CVE-2019-9877Mar 19, 2019
    risk 0.00cvss epss 0.01

    There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation…

  • CVE-2019-9588Mar 6, 2019
    risk 0.00cvss epss 0.01

    There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified…

  • CVE-2019-9589Mar 6, 2019
    risk 0.00cvss epss 0.01

    There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault)…

  • CVE-2019-9587Mar 6, 2019
    risk 0.00cvss epss 0.01

    There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other…

  • CVE-2018-18650Oct 25, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a…

  • CVE-2018-18651Oct 25, 2018
    risk 0.00cvss epss 0.01

    An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the…

  • CVE-2018-18459Oct 18, 2018
    risk 0.00cvss epss 0.01

    The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18457Oct 18, 2018
    risk 0.00cvss epss 0.01

    The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18456Oct 18, 2018
    risk 0.00cvss epss 0.01

    The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18455Oct 18, 2018
    risk 0.00cvss epss 0.01

    The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18458Oct 18, 2018
    risk 0.00cvss epss 0.01

    The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2018-18454Oct 18, 2018
    risk 0.00cvss epss 0.01

    CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

  • CVE-2013-4472Apr 22, 2014
    risk 0.00cvss epss 0.00

    The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.

  • CVE-2011-1554Mar 31, 2011
    risk 0.00cvss epss 0.05

    Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer…

  • CVE-2010-3704Nov 5, 2010
    risk 0.00cvss epss 0.04

    The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly…

  • CVE-2010-3702Nov 5, 2010
    risk 0.00cvss epss 0.03

    The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an…

  • CVE-2009-4035Dec 21, 2009
    risk 0.00cvss epss 0.04

    The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via…

  • CVE-2009-3609Oct 21, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that…

  • CVE-2009-0791Jun 9, 2009
    risk 0.00cvss epss 0.06

    Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted…

  • CVE-2009-0165Apr 23, 2009
    risk 0.00cvss epss 0.04

    Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."

  • CVE-2009-1183Apr 23, 2009
    risk 0.00cvss epss 0.04

    The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

  • CVE-2009-1181Apr 23, 2009
    risk 0.00cvss epss 0.04

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.

  • CVE-2009-1180Apr 23, 2009
    risk 0.00cvss epss 0.05

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.

  • CVE-2009-1179Apr 23, 2009
    risk 0.00cvss epss 0.06

    Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-0800Apr 23, 2009
    risk 0.00cvss epss 0.05

    Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.

  • CVE-2009-0799Apr 23, 2009
    risk 0.00cvss epss 0.04

    The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.