Xpdfreader

xpdfreader

82 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Xpdf

xpdf

82 CVEs

CVEs (82)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2012-2142 4Freedesktop OpensuseRedhat+1 more 4Enterprise Linux OpensusePoppler+1 more Nov 21, 2024 Jan 9, 2020 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVE-2010-0207 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 30, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
CVE-2010-0206 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 30, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
CVE-2019-10026 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
CVE-2019-10025 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
CVE-2019-10024 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
CVE-2019-10023 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
CVE-2019-10022 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
CVE-2019-10021 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
CVE-2019-10020 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
CVE-2019-10019 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2019-10018 3Canonical DebianXpdfreader 3Debian Linux Ubuntu LinuxXpdf Nov 21, 2024 Mar 25, 2019 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2019-9878 2Pdfalto Project Xpdfreader 2Pdfalto Xpdf Nov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to th...Show more There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2019-9877 1Xpdfreader 1Xpdf Nov 21, 2024 Mar 21, 2019 N/A· v4 7.8 HIGH· v3 6.8 MEDIUM· v2 There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It a...Show more There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.Show less
CVE-2018-18651 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 25, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly...Show more An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.Show less
CVE-2018-18650 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 25, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainl...Show more An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.Show less
CVE-2018-18459 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18458 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18457 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18456 1Xpdfreader 1Xpdf Nov 21, 2024 Oct 18, 2018 N/A· v4 5.5 MEDIUM· v3 4.3 MEDIUM· v2 The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdf...Show more The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.Show less

Previous 1 234 5 Next