Total
72 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-26930 | 1 Xpdfreader | 1 Xpdf | 2024-05-17 | N/A | 5.5 MEDIUM |
| Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” | |||||
| CVE-2021-30860 | 3 Apple, Freedesktop, Xpdfreader | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2024-02-02 | 6.8 MEDIUM | 7.8 HIGH |
| An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. | |||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2023-12-13 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. | |||||
| CVE-2020-35376 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2023-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | |||||
| CVE-2022-48545 | 1 Xpdfreader | 1 Xpdf | 2023-08-28 | N/A | 5.5 MEDIUM |
| An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. | |||||
| CVE-2022-41844 | 1 Xpdfreader | 1 Xpdf | 2023-08-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. | |||||
| CVE-2022-41842 | 1 Xpdfreader | 1 Xpdf | 2023-08-08 | N/A | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. | |||||
| CVE-2023-3436 | 1 Xpdfreader | 1 Xpdf | 2023-07-06 | N/A | 3.3 LOW |
| Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | |||||
| CVE-2023-3044 | 1 Xpdfreader | 1 Xpdf | 2023-06-13 | N/A | 3.3 LOW |
| An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | |||||
| CVE-2023-2662 | 1 Xpdfreader | 1 Xpdf | 2023-05-17 | N/A | 5.5 MEDIUM |
| In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. | |||||
| CVE-2023-2663 | 1 Xpdfreader | 1 Xpdf | 2023-05-17 | N/A | 5.5 MEDIUM |
| In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. | |||||
| CVE-2023-2664 | 1 Xpdfreader | 1 Xpdf | 2023-05-17 | N/A | 5.5 MEDIUM |
| In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | |||||
| CVE-2019-10018 | 3 Canonical, Debian, Xpdfreader | 3 Ubuntu Linux, Debian Linux, Xpdf | 2023-03-01 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | |||||
| CVE-2022-45586 | 1 Xpdfreader | 1 Xpdf | 2023-02-24 | N/A | 5.5 MEDIUM |
| Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. | |||||
| CVE-2022-45587 | 1 Xpdfreader | 1 Xpdf | 2023-02-24 | N/A | 5.5 MEDIUM |
| Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. | |||||
| CVE-2007-3387 | 6 Apple, Canonical, Debian and 3 more | 6 Cups, Ubuntu Linux, Debian Linux and 3 more | 2023-02-13 | 6.8 MEDIUM | N/A |
| Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | |||||
| CVE-2021-36493 | 1 Xpdfreader | 1 Xpdf | 2023-02-09 | N/A | 7.5 HIGH |
| Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | |||||
| CVE-2022-38334 | 1 Xpdfreader | 1 Xpdf | 2023-01-31 | N/A | 5.5 MEDIUM |
| XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. | |||||
| CVE-2022-43071 | 1 Xpdfreader | 1 Xpdf | 2022-11-22 | N/A | 5.5 MEDIUM |
| A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | |||||
| CVE-2022-43295 | 1 Xpdfreader | 1 Xpdf | 2022-11-17 | N/A | 5.5 MEDIUM |
| XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. | |||||