Debian Xpdf vulnerabilities
171 known vulnerabilities affecting debian/xpdf.
Total CVEs: 171
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 11, MEDIUM 22, LOW 131
Vulnerabilities
Page 2 of 9
CVE-2022-38236 | LOW | CVSS 7.8 | 2022
CVE-2022-38236 [HIGH]: xpdf
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-33108 | LOW | CVSS 7.8 | 2022
CVE-2022-33108 [HIGH]: xpdf
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-24107 | LOW | CVSS 7.8 | 2022
CVE-2022-24107 [HIGH]: xpdf
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-38231 | LOW | CVSS 7.8 | 2022
CVE-2022-38231 [HIGH]: xpdf
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-38334 | LOW | CVSS 5.5 | 2022
CVE-2022-38334 [MEDIUM]: xpdf
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-41842 | LOW | CVSS 5.5 | 2022
CVE-2022-41842 [MEDIUM]: xpdf
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-43071 | LOW | CVSS 5.5 | 2022
CVE-2022-43071 [MEDIUM]: xpdf
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-41844 | LOW | CVSS 5.5 | 2022
CVE-2022-41844 [MEDIUM]: xpdf
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-38228 | LOW | CVSS 7.8 | 2022
CVE-2022-38228 [HIGH]: xpdf
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-38237 | LOW | CVSS 7.8 | 2022
CVE-2022-38237 [HIGH]: xpdf
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-27135 | LOW | CVSS 5.5 | 2022
CVE-2022-27135 [MEDIUM]: xpdf
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-38238 | LOW | CVSS 7.8 | 2022
CVE-2022-38238 [HIGH]: xpdf
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-30775 | LOW | CVSS 5.5 | 2022
CVE-2022-30775 [MEDIUM]: xpdf
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-30524 | LOW | CVSS 7.8 | 2022
CVE-2022-30524 [HIGH]: xpdf
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other imp
debian
CVE-2022-38233 | LOW | CVSS 5.5 | 2022
CVE-2022-38233 [MEDIUM]: xpdf
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-36561 | LOW | CVSS 5.5 | 2022
CVE-2022-36561 [MEDIUM]: xpdf
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-45586 | LOW | CVSS 5.5 | 2022
CVE-2022-45586 [MEDIUM]: xpdf
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-38235 | LOW | CVSS 5.5 | 2022
CVE-2022-38235 [MEDIUM]: xpdf
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-45587 | LOW | CVSS 5.5 | 2022
CVE-2022-45587 [MEDIUM]: xpdf
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian
CVE-2022-41843 | LOW | CVSS 7.8 | 2022
CVE-2022-41843 [HIGH]: xpdf
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
debian