Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Gnome Subscribe
Filtered by product Gpdf
Total 8 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2009-3608 7 Foolabs, Glyph And Cog, Glyphandcog and 4 more 7 Xpdf, Pdftops, Xpdfreader and 4 more 2023-02-12 9.3 HIGH N/A
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow.
CVE-2009-3609 6 Foolabs, Glyph And Cog, Glyphandcog and 3 more 6 Xpdf, Pdftops, Xpdfreader and 3 more 2023-02-12 4.3 MEDIUM N/A
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL pointer dereference or buffer over-read.
CVE-2009-3604 5 Foolabs, Glyphandcog, Gnome and 2 more 5 Xpdf, Xpdfreader, Gpdf and 2 more 2023-02-12 9.3 HIGH N/A
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does not properly allocate memory, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document that triggers a NULL pointer dereference or a heap-based buffer overflow.
CVE-2006-1244 4 Debian, Gnome, Libextractor and 1 more 4 Debian Linux, Gpdf, Libextractor and 1 more 2018-10-03 7.6 HIGH N/A
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.
CVE-2004-0888 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2017-10-10 10.0 HIGH N/A
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
CVE-2005-0206 15 Ascii, Cstex, Debian and 12 more 22 Ptex, Cstetex, Debian Linux and 19 more 2017-10-10 7.5 HIGH N/A
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVE-2009-4035 3 Gnome, Kde, Xpdf 4 Gpdf, Kdegraphics, Kpdf and 1 more 2017-09-18 9.3 HIGH N/A
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
CVE-2004-0889 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2017-07-10 10.0 HIGH N/A
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.