Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xpdf
(Xpdfreader)Repositories | |
#Vulnerabilities | 75 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2024-08-15 | CVE-2024-7868 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | Xpdf | 8.2 | ||
2024-08-15 | CVE-2024-7867 | In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | Xpdf | 6.2 | ||
2024-08-15 | CVE-2024-7866 | In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. | Xpdf | 5.5 | ||
2019-03-25 | CVE-2019-10018 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | Ubuntu_linux, Debian_linux, Xpdf | 5.5 | ||
2007-07-30 | CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Cups, Ubuntu_linux, Debian_linux, Poppler, Gpdf, Xpdf | N/A | ||
2019-03-21 | CVE-2019-9878 | There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | Pdfalto, Xpdf | 7.8 | ||
2019-03-21 | CVE-2019-9877 | There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | Xpdf | 7.8 | ||
2010-11-05 | CVE-2010-3702 | The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | Cups, Ubuntu_linux, Debian_linux, Fedora, Poppler, Opensuse, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Linux_enterprise_server, Xpdf | N/A | ||
2020-01-09 | CVE-2012-2142 | The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | Poppler, Opensuse, Enterprise_linux, Xpdf | N/A | ||
2019-10-30 | CVE-2010-0207 | In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | Xpdf | N/A |