Vendor CVEs
Xpdf
All CVEs
172 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-14290 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | |||
| CVE-2019-14289 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | |||
| CVE-2019-14288 | 0.00 | — | 0.01 | Jul 27, 2019 | An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. | |||
| CVE-2019-13291 | 0.00 | — | 0.01 | Jul 4, 2019 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. | |||
| CVE-2019-13289 | 0.00 | — | 0.01 | Jul 4, 2019 | In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. | |||
| CVE-2019-13287 | 0.00 | — | 0.01 | Jul 4, 2019 | In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information… | |||
| CVE-2019-13283 | 0.00 | — | 0.01 | Jul 4, 2019 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF… | |||
| CVE-2019-13282 | 0.00 | — | 0.01 | Jul 4, 2019 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted… | |||
| CVE-2019-13281 | 0.00 | — | 0.01 | Jul 4, 2019 | In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file… | |||
| CVE-2019-12958 | 0.00 | — | 0.01 | Jun 24, 2019 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. | |||
| CVE-2019-12957 | 0.00 | — | 0.01 | Jun 24, 2019 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an… | |||
| CVE-2019-12515 | 0.00 | — | 0.01 | Jun 1, 2019 | There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a… | |||
| CVE-2019-12493 | 0.00 | — | 0.01 | May 31, 2019 | A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops… | |||
| CVE-2019-12360 | 0.00 | — | 0.01 | May 27, 2019 | A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak… | |||
| CVE-2019-10026 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case. | |||
| CVE-2019-10025 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. | |||
| CVE-2019-10024 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. | |||
| CVE-2019-10023 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case. | |||
| CVE-2019-10022 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. | |||
| CVE-2019-10021 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. | |||
| CVE-2019-10020 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. | |||
| CVE-2019-10019 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. | |||
| CVE-2019-10018 | 0.00 | — | 0.01 | Mar 24, 2019 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | |||
| CVE-2019-9878 | 0.00 | — | 0.01 | Mar 19, 2019 | There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of… | |||
| CVE-2019-9877 | 0.00 | — | 0.01 | Mar 19, 2019 | There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation… | |||
| CVE-2019-9588 | 0.00 | — | 0.01 | Mar 6, 2019 | There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified… | |||
| CVE-2019-9589 | 0.00 | — | 0.01 | Mar 6, 2019 | There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault)… | |||
| CVE-2019-9587 | 0.00 | — | 0.01 | Mar 6, 2019 | There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other… | |||
| CVE-2018-18650 | 0.00 | — | 0.01 | Oct 25, 2018 | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a… | |||
| CVE-2018-18651 | 0.00 | — | 0.01 | Oct 25, 2018 | An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the… | |||
| CVE-2018-18459 | 0.00 | — | 0.01 | Oct 18, 2018 | The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||
| CVE-2018-18457 | 0.00 | — | 0.01 | Oct 18, 2018 | The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||
| CVE-2018-18456 | 0.00 | — | 0.01 | Oct 18, 2018 | The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||
| CVE-2018-18455 | 0.00 | — | 0.01 | Oct 18, 2018 | The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||
| CVE-2018-18458 | 0.00 | — | 0.01 | Oct 18, 2018 | The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||
| CVE-2018-18454 | 0.00 | — | 0.01 | Oct 18, 2018 | CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||
| CVE-2013-4472 | 0.00 | — | 0.00 | Apr 22, 2014 | The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. | |||
| CVE-2011-1554 | 0.00 | — | 0.05 | Mar 31, 2011 | Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer… | |||
| CVE-2010-3704 | 0.00 | — | 0.04 | Nov 5, 2010 | The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly… | |||
| CVE-2010-3702 | 0.00 | — | 0.03 | Nov 5, 2010 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an… | |||
| CVE-2009-4035 | 0.00 | — | 0.04 | Dec 21, 2009 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via… | |||
| CVE-2009-3609 | 0.00 | — | 0.04 | Oct 21, 2009 | Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that… | |||
| CVE-2009-0791 | 0.00 | — | 0.06 | Jun 9, 2009 | Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted… | |||
| CVE-2009-0165 | 0.00 | — | 0.04 | Apr 23, 2009 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." | |||
| CVE-2009-1183 | 0.00 | — | 0.04 | Apr 23, 2009 | The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | |||
| CVE-2009-1181 | 0.00 | — | 0.04 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | |||
| CVE-2009-1180 | 0.00 | — | 0.05 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data. | |||
| CVE-2009-1179 | 0.00 | — | 0.06 | Apr 23, 2009 | Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2009-0800 | 0.00 | — | 0.05 | Apr 23, 2009 | Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file. | |||
| CVE-2009-0799 | 0.00 | — | 0.04 | Apr 23, 2009 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read. |
- CVE-2019-14290Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.
- CVE-2019-14289Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.
- CVE-2019-14288Jul 27, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
- CVE-2019-13291Jul 4, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.
- CVE-2019-13289Jul 4, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
- CVE-2019-13287Jul 4, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information…
- CVE-2019-13283Jul 4, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF…
- CVE-2019-13282Jul 4, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted…
- CVE-2019-13281Jul 4, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file…
- CVE-2019-12958Jun 24, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.
- CVE-2019-12957Jun 24, 2019risk 0.00cvss —epss 0.01
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an…
- CVE-2019-12515Jun 1, 2019risk 0.00cvss —epss 0.01
There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a…
- CVE-2019-12493May 31, 2019risk 0.00cvss —epss 0.01
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops…
- CVE-2019-12360May 27, 2019risk 0.00cvss —epss 0.01
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak…
- CVE-2019-10026Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
- CVE-2019-10025Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
- CVE-2019-10024Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
- CVE-2019-10023Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
- CVE-2019-10022Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
- CVE-2019-10021Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
- CVE-2019-10020Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
- CVE-2019-10019Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
- CVE-2019-10018Mar 24, 2019risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
- CVE-2019-9878Mar 19, 2019risk 0.00cvss —epss 0.01
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of…
- CVE-2019-9877Mar 19, 2019risk 0.00cvss —epss 0.01
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation…
- CVE-2019-9588Mar 6, 2019risk 0.00cvss —epss 0.01
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified…
- CVE-2019-9589Mar 6, 2019risk 0.00cvss —epss 0.01
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault)…
- CVE-2019-9587Mar 6, 2019risk 0.00cvss —epss 0.01
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other…
- CVE-2018-18650Oct 25, 2018risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a…
- CVE-2018-18651Oct 25, 2018risk 0.00cvss —epss 0.01
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the…
- CVE-2018-18459Oct 18, 2018risk 0.00cvss —epss 0.01
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18457Oct 18, 2018risk 0.00cvss —epss 0.01
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18456Oct 18, 2018risk 0.00cvss —epss 0.01
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18455Oct 18, 2018risk 0.00cvss —epss 0.01
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18458Oct 18, 2018risk 0.00cvss —epss 0.01
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2018-18454Oct 18, 2018risk 0.00cvss —epss 0.01
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
- CVE-2013-4472Apr 22, 2014risk 0.00cvss —epss 0.00
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names.
- CVE-2011-1554Mar 31, 2011risk 0.00cvss —epss 0.05
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer…
- CVE-2010-3704Nov 5, 2010risk 0.00cvss —epss 0.04
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly…
- CVE-2010-3702Nov 5, 2010risk 0.00cvss —epss 0.03
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an…
- CVE-2009-4035Dec 21, 2009risk 0.00cvss —epss 0.04
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via…
- CVE-2009-3609Oct 21, 2009risk 0.00cvss —epss 0.04
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that…
- CVE-2009-0791Jun 9, 2009risk 0.00cvss —epss 0.06
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted…
- CVE-2009-0165Apr 23, 2009risk 0.00cvss —epss 0.04
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn."
- CVE-2009-1183Apr 23, 2009risk 0.00cvss —epss 0.04
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
- CVE-2009-1181Apr 23, 2009risk 0.00cvss —epss 0.04
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
- CVE-2009-1180Apr 23, 2009risk 0.00cvss —epss 0.05
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
- CVE-2009-1179Apr 23, 2009risk 0.00cvss —epss 0.06
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-0800Apr 23, 2009risk 0.00cvss —epss 0.05
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
- CVE-2009-0799Apr 23, 2009risk 0.00cvss —epss 0.04
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
Page 3 of 4