
Debian Xpdf vulnerabilities

171 known vulnerabilities affecting debian/xpdf.

Total CVEs: 171
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 11, MEDIUM 22, LOW 131

Vulnerabilities

Page 4 of 9
CVE-2019-10022 | LOW | CVSS 5.5 | 2019
CVE-2019-10022 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-10025 | LOW | CVSS 5.5 | 2019
CVE-2019-10025 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-14291 | LOW | CVSS 5.5 | 2019
CVE-2019-14291 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-9587 | LOW | CVSS 7.8 | 2019
CVE-2019-9587 [HIGH]: xpdf - There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. Scope: local; bookworm: resolved; bullseye:
debian
CVE-2019-13286 | LOW | CVSS 5.5 | 2019
CVE-2019-13286 [MEDIUM]: xpdf - In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie
debian
CVE-2019-10019 | LOW | CVSS 5.5 | 2019
CVE-2019-10019 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-10021 | LOW | CVSS 5.5 | 2019
CVE-2019-10021 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-10024 | LOW | CVSS 5.5 | 2019
CVE-2019-10024 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-14290 | LOW | CVSS 5.5 | 2019
CVE-2019-14290 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-12515 | LOW | CVSS 7.1 | 2019
CVE-2019-12515 [HIGH]: xpdf - There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: reso
debian
CVE-2019-9589 | LOW | CVSS 7.8 | 2019
CVE-2019-9589 [HIGH]: xpdf - There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Scope: local; bookworm: resolved; bullseye: resolved
debian
CVE-2019-14294 | LOW | CVSS 5.5 | 2019
CVE-2019-14294 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-15860 | LOW | CVSS 5.5 | 2019
CVE-2019-15860 [MEDIUM]: xpdf - Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-9878 | LOW | CVSS 7.8 | 2019
CVE-2019-9878 [HIGH]: xpdf - There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Scope: local; bookworm:
debian
CVE-2019-14292 | LOW | CVSS 5.5 | 2019
CVE-2019-14292 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-13283 | LOW | CVSS 7.8 | 2019
CVE-2019-13283 [HIGH]: xpdf - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Deni
debian
CVE-2019-14289 | LOW | CVSS 5.5 | 2019
CVE-2019-14289 [MEDIUM]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-12958 | LOW | CVSS 5.5 | 2019
CVE-2019-12958 [MEDIUM]: xpdf - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-14288 | LOW | CVSS 7.8 | 2019
CVE-2019-14288 [HIGH]: xpdf - An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. Scope: local; bookworm: resolved; bullseye: resolved; forky: resolved; sid: resolved; trixie: resolved
debian
CVE-2019-13282 | LOW | CVSS 7.8 | 2019
CVE-2019-13282 [HIGH]: xpdf - In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified oth
debian