Debian Xpdf vulnerabilities
171 known vulnerabilities affecting debian/xpdf.
Total CVEs: 171
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 11, MEDIUM 22, LOW 131
Vulnerabilities
CVE-2026-4407 - LOW - CVSS 2.1 - 2026
CVE-2026-4407 [LOW]: xpdf
Out-of-bounds array write in Xpdf 4.06 and earlier, due to incorrect validation of the "N" field in ICCBased color spaces.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2025-2574 - LOW - CVSS 2.1 - 2025
CVE-2025-2574 [LOW]: xpdf
Out-of-bounds array write in Xpdf 4.05 and earlier, due to incorrect integer overflow checking in the PostScript function interpreter code.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2025-11896 - LOW - CVSS 2.1 - 2025
CVE-2025-11896 [LOW]: xpdf
In Xpdf 4.05 (and earlier), a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2025-3154 - LOW - CVSS 2.1 - 2025
CVE-2025-3154 [LOW]: xpdf
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid VerticesPerRow value in a PDF shading dictionary.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2024-3247 - LOW - CVSS 2.9 - 2024
CVE-2024-3247 [LOW]: xpdf
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2024-7867 - LOW - CVSS 2.1 - 2024
CVE-2024-7867 [LOW]: xpdf
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2024-7868 - LOW - CVSS 2.1 - 2024
CVE-2024-7868 [LOW]: xpdf
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2024-3248 - LOW - CVSS 2.9 - 2024
CVE-2024-3248 [LOW]: xpdf
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2024-7866 - LOW - CVSS 2.1 - 2024
CVE-2024-7866 [LOW]: xpdf
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2023-26930 - LOW - CVSS 5.5 - 2023
CVE-2023-26930 [MEDIUM]: xpdf
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2023-2662 - LOW - CVSS 2.9 - 2023
CVE-2023-2662 [LOW]: xpdf
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2023-2663 - LOW - CVSS 2.9 - 2023
CVE-2023-2663 [LOW]: xpdf
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2023-2664 - LOW - CVSS 2.9 - 2023
CVE-2023-2664 [LOW]: xpdf
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2023-3044 - LOW - CVSS 7.8 - 2023
CVE-2023-3044 [HIGH]: xpdf
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolv
CVE-2023-3436 - LOW - CVSS 3.3 - 2023
CVE-2023-3436 [LOW]: xpdf
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2022-38229 - LOW - CVSS 7.8 - 2022
CVE-2022-38229 [HIGH]: xpdf
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2022-38222 - LOW - CVSS 7.8 - 2022
CVE-2022-38222 [HIGH]: xpdf
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resol
CVE-2022-48545 - LOW - CVSS 5.5 - 2022
CVE-2022-48545 [MEDIUM]: xpdf
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2022-38234 - LOW - CVSS 5.5 - 2022
CVE-2022-38234 [MEDIUM]: xpdf
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
CVE-2022-43295 - LOW - CVSS 5.5 - 2022
CVE-2022-43295 [MEDIUM]: xpdf
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved