Xpdf Xpdfreader Xpdf

Do you want an email whenever new security vulnerabilities are reported in Xpdfreader Xpdf?

By the Year

In 2022 there have been 0 vulnerabilities in Xpdfreader Xpdf . Xpdf did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2022 0 0.00
2021 0 0.00
2020 2 6.50
2019 11 5.92
2018 26 5.68

It may take a day or so for new Xpdf vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Xpdfreader Xpdf Security Vulnerabilities

Xpdf 4.02 allows stack consumption

CVE-2020-35376 7.5 - High - December 26, 2020

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.

Memory Corruption

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`

CVE-2020-25725 5.5 - Medium - November 21, 2020

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.

Dangling pointer

An issue was discovered in Xpdf 4.01.01

CVE-2019-10018 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10019 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10020 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10021 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10022 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.

NULL Pointer Dereference

An issue was discovered in Xpdf 4.01.01

CVE-2019-10023 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10024 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10025 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

Divide By Zero

An issue was discovered in Xpdf 4.01.01

CVE-2019-10026 5.5 - Medium - March 25, 2019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

Divide By Zero

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01

CVE-2019-9877 7.8 - High - March 21, 2019

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Buffer Overflow

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0

CVE-2019-9878 7.8 - High - March 21, 2019

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.

Buffer Overflow

An issue was discovered in Xpdf 4.00

CVE-2018-18651 5.5 - Medium - October 25, 2018

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.

Excessive Iteration

An issue was discovered in Xpdf 4.00

CVE-2018-18650 5.5 - Medium - October 25, 2018

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.

Integer Overflow or Wraparound

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00

CVE-2018-18459 5.5 - Medium - October 18, 2018

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

NULL Pointer Dereference

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00

CVE-2018-18458 5.5 - Medium - October 18, 2018

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

NULL Pointer Dereference

The function DCTStream::readScan in Stream.cc in Xpdf 4.00

CVE-2018-18457 5.5 - Medium - October 18, 2018

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

NULL Pointer Dereference

The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00

CVE-2018-18456 5.5 - Medium - October 18, 2018

The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Out-of-bounds Read

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00

CVE-2018-18455 5.5 - Medium - October 18, 2018

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Out-of-bounds Read

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00

CVE-2018-18454 5.5 - Medium - October 18, 2018

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Out-of-bounds Read

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00

CVE-2018-16368 5.5 - Medium - September 03, 2018

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

Out-of-bounds Read

XRef::fetch in XRef.cc in Xpdf 4.00

CVE-2018-16369 5.5 - Medium - September 03, 2018

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00

CVE-2018-11033 7.8 - High - May 14, 2018

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.

Buffer Overflow

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00

CVE-2018-8101 5.5 - Medium - March 14, 2018

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00

CVE-2018-8100 7.8 - High - March 14, 2018

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.

Memory Corruption

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00

CVE-2018-8102 5.5 - Medium - March 14, 2018

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00

CVE-2018-8103 5.5 - Medium - March 14, 2018

The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

The BufStream::lookChar function in Stream.cc in xpdf 4.00

CVE-2018-8104 5.5 - Medium - March 14, 2018

The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00

CVE-2018-8105 5.5 - Medium - March 14, 2018

The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00

CVE-2018-8106 5.5 - Medium - March 14, 2018

The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

The JPXStream::close function in JPXStream.cc in xpdf 4.00

CVE-2018-8107 5.5 - Medium - March 14, 2018

The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00

CVE-2018-7455 5.5 - Medium - February 24, 2018

An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

Out-of-bounds Read

A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00

CVE-2018-7454 5.5 - Medium - February 24, 2018

A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

NULL Pointer Dereference

Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00

CVE-2018-7453 5.5 - Medium - February 24, 2018

Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.

Infinite Loop

A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00

CVE-2018-7452 5.5 - Medium - February 24, 2018

A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.

NULL Pointer Dereference

An issue was discovered in xpdf 4.00

CVE-2018-7175 5.5 - Medium - February 15, 2018

An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.

NULL Pointer Dereference

An issue was discovered in xpdf 4.00

CVE-2018-7174 5.5 - Medium - February 15, 2018

An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.

Infinite Loop

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00

CVE-2018-7173 5.5 - Medium - February 15, 2018

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

Encoding Error

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors

CVE-2010-3702 - November 05, 2010

The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.

NULL Pointer Dereference

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file

CVE-2007-3387 - July 30, 2007

Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

Integer Overflow or Wraparound

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Debian Linux or by Xpdfreader? Click the Watch button to subscribe.

Xpdfreader
Vendor

subscribe