Glyphandcog Glyphandcog

  1. Vendors
  2. Glyphandcog
Do you want an email whenever new security vulnerabilities are reported in any Glyphandcog product?

Products by Glyphandcog Sorted by Most Security Vulnerabilities since 2018

Glyphandcog Xpdfreader35 vulnerabilities

Glyphandcog Pdfimages1 vulnerability

Glyphandcog Xpdf1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Glyphandcog . Last year Glyphandcog had 1 security vulnerability published. Right now, Glyphandcog is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 0.00
2022 3 7.70
2021 0 0.00
2020 0 0.00
2019 28 6.49
2018 0 0.00

It may take a day or so for new Glyphandcog vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Glyphandcog Security Vulnerabilities

** REJECT ** DO NOT USE THIS CVE RECORD

CVE-2023-31554 - May 10, 2023

** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2663. Reason: This record is a reservation duplicate of CVE-2023-2663. Notes: All CVE users should reference CVE-2023-2663 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.

xpdfreader 4.03 is vulnerable to Buffer Overflow.

CVE-2021-40226 7.5 - High - November 10, 2022

xpdfreader 4.03 is vulnerable to Buffer Overflow.

Memory Corruption

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly

CVE-2022-24106 7.8 - High - August 30, 2022

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.

Integer Overflow or Wraparound

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

CVE-2022-24107 7.8 - High - August 30, 2022

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.

Integer Overflow or Wraparound

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference

CVE-2019-17064 5.5 - Medium - October 01, 2019

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

NULL Pointer Dereference

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc

CVE-2019-16927 5.5 - Medium - September 27, 2019

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.

Memory Corruption

In Xpdf 4.01.01

CVE-2019-16115 7.8 - High - September 08, 2019

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.

Out-of-bounds Read

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.

CVE-2019-16088 5.5 - Medium - September 06, 2019

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.

Stack Exhaustion

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc

CVE-2019-15860 5.5 - Medium - September 03, 2019

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.

NULL Pointer Dereference

An issue was discovered in Xpdf 4.01.01

CVE-2019-14290 5.5 - Medium - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.

Out-of-bounds Read

An issue was discovered in Xpdf 4.01.01

CVE-2019-14294 5.5 - Medium - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.

Out-of-bounds Read

An issue was discovered in Xpdf 4.01.01

CVE-2019-14293 5.5 - Medium - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.

Out-of-bounds Read

An issue was discovered in Xpdf 4.01.01

CVE-2019-14292 5.5 - Medium - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.

Out-of-bounds Read

An issue was discovered in Xpdf 4.01.01

CVE-2019-14291 5.5 - Medium - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.

Out-of-bounds Read

An issue was discovered in Xpdf 4.01.01

CVE-2019-14289 5.5 - Medium - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.

Integer Overflow or Wraparound

An issue was discovered in Xpdf 4.01.01

CVE-2019-14288 7.8 - High - July 27, 2019

An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.

Integer Overflow or Wraparound

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc

CVE-2019-13289 7.8 - High - July 04, 2019

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

Dangling pointer

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc

CVE-2019-13291 5.5 - Medium - July 04, 2019

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.

Out-of-bounds Read

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file

CVE-2019-13288 5.5 - Medium - July 04, 2019

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

Stack Exhaustion

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc

CVE-2019-13287 5.5 - Medium - July 04, 2019

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.

Out-of-bounds Read

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.