Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Xpdfreader Subscribe
Filtered by product Xpdf
Total 65 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-8103 1 Xpdfreader 1 Xpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8104 1 Xpdfreader 1 Xpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8105 1 Xpdfreader 1 Xpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8106 1 Xpdfreader 1 Xpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8107 1 Xpdfreader 1 Xpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2019-10021 1 Xpdfreader 1 Xpdf 2019-06-27 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
CVE-2019-10019 1 Xpdfreader 1 Xpdf 2019-06-27 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2019-10023 1 Xpdfreader 1 Xpdf 2019-06-27 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
CVE-2019-10020 1 Xpdfreader 1 Xpdf 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
CVE-2019-10022 1 Xpdfreader 1 Xpdf 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
CVE-2019-10024 1 Xpdfreader 1 Xpdf 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
CVE-2019-10025 1 Xpdfreader 1 Xpdf 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
CVE-2019-10026 1 Xpdfreader 1 Xpdf 2019-03-25 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
CVE-2018-18650 1 Xpdfreader 1 Xpdf 2018-12-06 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
CVE-2018-18455 1 Xpdfreader 1 Xpdf 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18456 1 Xpdfreader 1 Xpdf 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18457 1 Xpdfreader 1 Xpdf 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18458 1 Xpdfreader 1 Xpdf 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18459 1 Xpdfreader 1 Xpdf 2018-11-30 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-11033 1 Xpdfreader 1 Xpdf 2018-06-19 6.8 MEDIUM 7.8 HIGH
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.