Xpdf

xpdf

26 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (26)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2004-0888 11Debian Easy Software ProductsGentoo+8 more 16Cups Debian LinuxEnterprise Linux+13 more Apr 16, 2026 Jan 27, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code,...Show more Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.Show less
CVE-2004-1125 3Easy Software Products KdeXpdf 3Cups KdeXpdf Apr 16, 2026 Jan 10, 2005 N/A· v4 N/A· v3 9.3 HIGH· v2 Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of s...Show more Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.Show less
CVE-2003-0434 4Adobe MandrakesoftRedhat+1 more 7Acrobat Enterprise LinuxLinux+4 more Apr 16, 2026 Jul 24, 2003 N/A· v4 N/A· v3 7.5 HIGH· v2 Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
CVE-2002-1384 2Easy Software Products Xpdf 2Cups Xpdf Apr 16, 2026 Jan 2, 2003 N/A· v4 N/A· v3 7.2 HIGH· v2 Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-...Show more Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.Show less
CVE-2000-0728 1Xpdf 1Xpdf Apr 16, 2026 Oct 20, 2000 N/A· v4 N/A· v3 7.2 HIGH· v2 xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-0727 1Xpdf 1Xpdf Apr 16, 2026 Oct 20, 2000 N/A· v4 N/A· v3 7.6 HIGH· v2 xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.