Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Xpdfreader Subscribe
Total 65 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10018 3 Canonical, Debian, Xpdfreader 3 Ubuntu Linux, Debian Linux, Xpdf 2023-03-01 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2022-45586 1 Xpdfreader 1 Xpdf 2023-02-24 N/A 5.5 MEDIUM
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
CVE-2022-45587 1 Xpdfreader 1 Xpdf 2023-02-24 N/A 5.5 MEDIUM
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
CVE-2007-3387 6 Apple, Canonical, Debian and 3 more 6 Cups, Ubuntu Linux, Debian Linux and 3 more 2023-02-12 6.8 MEDIUM N/A
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
CVE-2020-25725 2 Fedoraproject, Xpdfreader 2 Fedora, Xpdf 2023-02-12 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
CVE-2021-36493 1 Xpdfreader 1 Xpdf 2023-02-09 N/A 7.5 HIGH
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
CVE-2022-38334 1 Xpdfreader 1 Xpdf 2023-01-31 N/A 5.5 MEDIUM
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
CVE-2022-43071 1 Xpdfreader 1 Xpdf 2022-11-22 N/A 5.5 MEDIUM
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2022-43295 1 Xpdfreader 1 Xpdf 2022-11-16 N/A 5.5 MEDIUM
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
CVE-2022-38171 2 Freedesktop, Xpdfreader 2 Poppler, Xpdf 2022-10-27 N/A 7.8 HIGH
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVE-2022-41844 1 Xpdfreader 1 Xpdf 2022-10-03 N/A 5.5 MEDIUM
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
CVE-2022-41842 1 Xpdfreader 1 Xpdf 2022-10-03 N/A 5.5 MEDIUM
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
CVE-2022-41843 1 Xpdfreader 1 Xpdf 2022-10-03 N/A 5.5 MEDIUM
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
CVE-2022-38222 1 Xpdfreader 1 Xpdf 2022-09-30 N/A 7.8 HIGH
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVE-2021-30860 3 Apple, Freedesktop, Xpdfreader 7 Ipados, Iphone Os, Mac Os X and 4 more 2022-09-30 6.8 MEDIUM 7.8 HIGH
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2022-38928 1 Xpdfreader 1 Xpdf 2022-09-22 N/A 7.8 HIGH
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVE-2022-36561 1 Xpdfreader 1 Xpdf 2022-09-01 N/A 5.5 MEDIUM
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
CVE-2022-33108 1 Xpdfreader 1 Xpdf 2022-07-08 6.8 MEDIUM 7.8 HIGH
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
CVE-2021-27548 1 Xpdfreader 1 Xpdf 2022-05-25 4.3 MEDIUM 5.5 MEDIUM
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
CVE-2022-30775 1 Xpdfreader 1 Xpdf 2022-05-24 4.3 MEDIUM 5.5 MEDIUM
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.