Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Glyphandcog Subscribe
Total 55 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13283 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
CVE-2019-13286 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
CVE-2019-13282 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
CVE-2019-13281 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2023-03-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
CVE-2009-3609 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more 6 Xpdf, Pdftops, Xpdfreader and 3 more 2023-02-12 4.3 MEDIUM N/A
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
CVE-2009-3608 7 Foolabs, Glyph And Cog, Glyphandcog and 4 more 7 Xpdf, Pdftops, Xpdfreader and 4 more 2023-02-12 9.3 HIGH N/A
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-3606 4 Foolabs, Glyphandcog, Kde and 1 more 4 Xpdf, Xpdfreader, Kpdf and 1 more 2023-02-12 9.3 HIGH N/A
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-1181 4 Apple, Foolabs, Glyphandcog and 1 more 4 Cups, Xpdf, Xpdfreader and 1 more 2023-02-12 4.3 MEDIUM N/A
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
CVE-2009-1179 4 Apple, Foolabs, Glyphandcog and 1 more 4 Cups, Xpdf, Xpdfreader and 1 more 2023-02-12 6.8 MEDIUM N/A
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-0800 4 Apple, Foolabs, Glyphandcog and 1 more 4 Cups, Xpdf, Xpdfreader and 1 more 2023-02-12 6.8 MEDIUM N/A
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
CVE-2009-3603 3 Foolabs, Glyphandcog, Poppler 3 Xpdf, Xpdfreader, Poppler 2023-02-12 9.3 HIGH N/A
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188.
CVE-2009-1183 4 Apple, Foolabs, Glyphandcog and 1 more 4 Cups, Xpdf, Xpdfreader and 1 more 2023-02-12 4.3 MEDIUM N/A
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
CVE-2009-3604 5 Foolabs, Glyphandcog, Gnome and 2 more 5 Xpdf, Xpdfreader, Gpdf and 2 more 2023-02-12 9.3 HIGH N/A
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
CVE-2021-40226 1 Glyphandcog 1 Xpdfreader 2022-11-15 N/A 7.5 HIGH
xpdfreader 4.03 is vulnerable to Buffer Overflow.
CVE-2022-24106 1 Glyphandcog 1 Xpdfreader 2022-10-18 N/A 7.8 HIGH
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
CVE-2022-24107 1 Glyphandcog 1 Xpdfreader 2022-10-18 N/A 7.8 HIGH
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
CVE-2019-12957 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2022-01-01 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact.
CVE-2019-14294 1 Glyphandcog 1 Xpdfreader 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.
CVE-2019-15860 1 Glyphandcog 1 Xpdfreader 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.
CVE-2019-13291 1 Glyphandcog 1 Xpdfreader 2020-08-24 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.