Xpdfreader Xpdf
By the Year
In 2024 there have been 0 vulnerabilities in Xpdfreader Xpdf . Last year Xpdf had 18 security vulnerabilities published. Right now, Xpdf is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 18 | 5.26 |
2022 | 15 | 6.27 |
2021 | 1 | 7.80 |
2020 | 2 | 6.50 |
2019 | 11 | 5.92 |
2018 | 26 | 5.68 |
It may take a day or so for new Xpdf vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Xpdfreader Xpdf Security Vulnerabilities
An infinite recursion in Catalog::findDestInTree
CVE-2022-48545
5.5 - Medium
- August 22, 2023
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Stack Exhaustion
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
CVE-2023-3436
3.3 - Low
- June 27, 2023
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
Improper Locking
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files)
CVE-2023-3044
3.3 - Low
- June 02, 2023
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
Divide By Zero
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file
CVE-2023-2662
5.5 - Medium
- May 11, 2023
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
Divide By Zero
In Xpdf 4.04 (and earlier)
CVE-2023-2663
5.5 - Medium
- May 11, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
Stack Exhaustion
In Xpdf 4.04 (and earlier)
CVE-2023-2664
5.5 - Medium
- May 11, 2023
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
Stack Exhaustion
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-31557
- May 10, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-2664. Reason: This record is a reservation duplicate of CVE-2023-2664. Notes: All CVE users should reference CVE-2023-2664 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-26931
- April 26, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2022-30524. Reason: This record is a duplicate of CVE-2022-30524. Notes: All CVE users should reference CVE-2022-30524 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-26938
- April 26, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-26937
- April 26, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-26936
- April 26, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-26935
- April 26, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-26934
- April 26, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
Buffer Overflow vulnerability found in XPDF v.4.04
CVE-2023-26930
5.5 - Medium
- April 26, 2023
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states it's an expected abort on out-of-memory error.
Classic Buffer Overflow
** REJECT ** DO NOT USE THIS CVE RECORD
CVE-2023-27655
- March 23, 2023
** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2019-9587. Reason: This record is a reservation duplicate of CVE-2019-9587. Notes: All CVE users should reference CVE-2019-9587 instead of this record. All references and descriptions in this record have been removed to prevent accidental usage.
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04
CVE-2022-45586
5.5 - Medium
- February 15, 2023
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
Memory Corruption
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04
CVE-2022-45587
5.5 - Medium
- February 15, 2023
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
Memory Corruption
Buffer Overflow vulnerability in pdfimages in xpdf 4.03
CVE-2021-36493
7.5 - High
- February 03, 2023
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
Memory Corruption
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04
CVE-2022-43071
5.5 - Medium
- November 15, 2022
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Memory Corruption
XPDF v4.04 was discovered to contain a stack overflow
CVE-2022-43295
5.5 - Medium
- November 14, 2022
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
Memory Corruption
An issue was discovered in Xpdf 4.04
CVE-2022-41842
5.5 - Medium
- September 30, 2022
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
Memory Corruption
An issue was discovered in Xpdf 4.04
CVE-2022-41843
5.5 - Medium
- September 30, 2022
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
NULL Pointer Dereference
An issue was discovered in Xpdf 4.04
CVE-2022-41844
5.5 - Medium
- September 30, 2022
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
Memory Corruption
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04
CVE-2022-38222
7.8 - High
- September 29, 2022
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Dangling pointer
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVE-2022-38928
7.8 - High
- September 21, 2022
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
NULL Pointer Dereference
XPDF v4.04 and earlier was discovered to contain a stack overflow
CVE-2022-38334
5.5 - Medium
- September 15, 2022
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
Stack Exhaustion
XPDF v4.0.4 was discovered to contain a segmentation violation
CVE-2022-36561
5.5 - Medium
- August 30, 2022
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc)
CVE-2022-38171
7.8 - High
- August 22, 2022
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
Integer Overflow or Wraparound
XPDF v4.04 was discovered to contain a stack overflow vulnerability
CVE-2022-33108
7.8 - High
- June 28, 2022
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
Memory Corruption
There is a Null Pointer Dereference vulnerability in the XFAS
CVE-2021-27548
5.5 - Medium
- May 18, 2022
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
NULL Pointer Dereference
xpdf 4.04 allocates excessive memory when presented with crafted input
CVE-2022-30775
5.5 - Medium
- May 16, 2022
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
Allocation of Resources Without Limits or Throttling
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4
CVE-2022-30524
7.8 - High
- May 09, 2022
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Memory Corruption
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc
CVE-2022-27135
5.5 - Medium
- April 25, 2022
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
Memory Corruption
An integer overflow was addressed with improved input validation
CVE-2021-30860
7.8 - High
- August 24, 2021
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Integer Overflow or Wraparound
Xpdf 4.02 allows stack consumption
CVE-2020-35376
7.5 - High
- December 26, 2020
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
Memory Corruption
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`
CVE-2020-25725
5.5 - Medium
- November 21, 2020
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
Dangling pointer
An issue was discovered in Xpdf 4.01.01
CVE-2019-10025
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10026
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10024
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10023
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10022
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
NULL Pointer Dereference
An issue was discovered in Xpdf 4.01.01
CVE-2019-10021
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10020
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10019
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
Divide By Zero
An issue was discovered in Xpdf 4.01.01
CVE-2019-10018
5.5 - Medium
- March 25, 2019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
Divide By Zero
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0
CVE-2019-9878
7.8 - High
- March 21, 2019
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Buffer Overflow
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01
CVE-2019-9877
7.8 - High
- March 21, 2019
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Buffer Overflow
An issue was discovered in Xpdf 4.00
CVE-2018-18650
5.5 - Medium
- October 25, 2018
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
Integer Overflow or Wraparound
An issue was discovered in Xpdf 4.00
CVE-2018-18651
5.5 - Medium
- October 25, 2018
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
Excessive Iteration
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00
CVE-2018-18459
5.5 - Medium
- October 18, 2018
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
NULL Pointer Dereference
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00
CVE-2018-18458
5.5 - Medium
- October 18, 2018
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
NULL Pointer Dereference
The function DCTStream::readScan in Stream.cc in Xpdf 4.00
CVE-2018-18457
5.5 - Medium
- October 18, 2018
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
NULL Pointer Dereference
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00
CVE-2018-18456
5.5 - Medium
- October 18, 2018
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Out-of-bounds Read
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00
CVE-2018-18455
5.5 - Medium
- October 18, 2018
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Out-of-bounds Read
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00
CVE-2018-18454
5.5 - Medium
- October 18, 2018
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Out-of-bounds Read
XRef::fetch in XRef.cc in Xpdf 4.00
CVE-2018-16369
5.5 - Medium
- September 03, 2018
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00
CVE-2018-16368
5.5 - Medium
- September 03, 2018
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Out-of-bounds Read
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00
CVE-2018-11033
7.8 - High
- May 14, 2018
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
Buffer Overflow
The JPXStream::close function in JPXStream.cc in xpdf 4.00
CVE-2018-8107
5.5 - Medium
- March 14, 2018
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00
CVE-2018-8100
7.8 - High
- March 14, 2018
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
Memory Corruption
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00
CVE-2018-8101
5.5 - Medium
- March 14, 2018
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00
CVE-2018-8102
5.5 - Medium
- March 14, 2018
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00
CVE-2018-8103
5.5 - Medium
- March 14, 2018
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
The BufStream::lookChar function in Stream.cc in xpdf 4.00
CVE-2018-8104
5.5 - Medium
- March 14, 2018
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00
CVE-2018-8105
5.5 - Medium
- March 14, 2018
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00
CVE-2018-8106
5.5 - Medium
- March 14, 2018
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00
CVE-2018-7455
5.5 - Medium
- February 24, 2018
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Out-of-bounds Read
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00
CVE-2018-7454
5.5 - Medium
- February 24, 2018
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
NULL Pointer Dereference
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00
CVE-2018-7453
5.5 - Medium
- February 24, 2018
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
Infinite Loop
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00
CVE-2018-7452
5.5 - Medium
- February 24, 2018
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
NULL Pointer Dereference
An issue was discovered in xpdf 4.00
CVE-2018-7175
5.5 - Medium
- February 15, 2018
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
NULL Pointer Dereference
An issue was discovered in xpdf 4.00
CVE-2018-7174
5.5 - Medium
- February 15, 2018
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
Infinite Loop
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00
CVE-2018-7173
5.5 - Medium
- February 15, 2018
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
Encoding Error
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors
CVE-2010-3702
- November 05, 2010
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
NULL Pointer Dereference
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file
CVE-2007-3387
- July 30, 2007
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
Integer Overflow or Wraparound
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Debian Linux or by Xpdfreader? Click the Watch button to subscribe.