Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xpdf
(Xpdfreader)| Repositories | |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-10-25 | CVE-2018-18650 | An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | Xpdf | 5.5 | ||
| 2018-10-18 | CVE-2018-18459 | The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-10-18 | CVE-2018-18458 | The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-10-18 | CVE-2018-18457 | The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-10-18 | CVE-2018-18456 | The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-10-18 | CVE-2018-18455 | The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-10-18 | CVE-2018-18454 | CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-09-02 | CVE-2018-16369 | XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. | Xpdf | 5.5 | ||
| 2018-09-02 | CVE-2018-16368 | SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | Xpdf | 5.5 | ||
| 2018-05-13 | CVE-2018-11033 | The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. | Xpdf | 7.8 |