Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xpdf
(Xpdfreader)| Repositories | |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2019-03-25 | CVE-2019-10018 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | Ubuntu_linux, Debian_linux, Xpdf | 5.5 | ||
| 2023-02-15 | CVE-2022-45586 | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | Xpdf | 5.5 | ||
| 2023-02-15 | CVE-2022-45587 | Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | Xpdf | 5.5 | ||
| 2007-07-30 | CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Cups, Ubuntu_linux, Debian_linux, Poppler, Gpdf, Xpdf | N/A | ||
| 2023-02-03 | CVE-2021-36493 | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | Xpdf | 7.5 | ||
| 2022-09-15 | CVE-2022-38334 | XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | Xpdf | 5.5 | ||
| 2022-11-15 | CVE-2022-43071 | A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | Xpdf | 5.5 | ||
| 2022-11-14 | CVE-2022-43295 | XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. | Xpdf | 5.5 | ||
| 2022-08-22 | CVE-2022-38171 | Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). | Poppler, Xpdf | 7.8 | ||
| 2022-09-30 | CVE-2022-41843 | An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. | Xpdf | 5.5 |