Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xpdf
(Xpdfreader)| Repositories | |
| #Vulnerabilities | 75 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-27 | CVE-2023-3436 | Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | Xpdf | 3.3 | ||
| 2023-06-02 | CVE-2023-3044 | An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | Xpdf | 3.3 | ||
| 2023-05-11 | CVE-2023-2662 | In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | Xpdf | 5.5 | ||
| 2023-05-11 | CVE-2023-2663 | In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | Xpdf | 5.5 | ||
| 2023-05-11 | CVE-2023-2664 | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | Xpdf | 5.5 | ||
| 2019-03-25 | CVE-2019-10018 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | Ubuntu_linux, Debian_linux, Xpdf | 5.5 | ||
| 2023-02-15 | CVE-2022-45586 | Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | Xpdf | 5.5 | ||
| 2023-02-15 | CVE-2022-45587 | Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | Xpdf | 5.5 | ||
| 2007-07-30 | CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Cups, Ubuntu_linux, Debian_linux, Poppler, Gpdf, Xpdf | N/A | ||
| 2023-02-03 | CVE-2021-36493 | Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | Xpdf | 7.5 |