Product:

Xpdf

(Xpdfreader)
Repositories
#Vulnerabilities 75
Date Id Summary Products Score Patch Annotated
2018-02-24 CVE-2018-7452 A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. Xpdf 5.5
2018-02-15 CVE-2018-7175 An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. Xpdf 5.5
2018-02-15 CVE-2018-7174 An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. Xpdf 5.5
2018-02-15 CVE-2018-7173 A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. Xpdf 5.5
2018-10-25 CVE-2018-18651 An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. Xpdf 5.5
2018-10-25 CVE-2018-18650 An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. Xpdf 5.5
2018-10-18 CVE-2018-18459 The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Xpdf 5.5
2018-10-18 CVE-2018-18458 The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Xpdf 5.5
2018-10-18 CVE-2018-18457 The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Xpdf 5.5
2018-10-18 CVE-2018-18456 The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Xpdf 5.5