Debian Xpdf vulnerabilities
171 known vulnerabilities affecting debian/xpdf.
Total CVEs: 171
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 7, HIGH 11, MEDIUM 22, LOW 131
Vulnerabilities
Page 5 of 9
CVE-2019-16927 LOW CVSS 5.5 2019
CVE-2019-16927 [MEDIUM]: xpdf
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2019-16088 LOW CVSS 5.5 2019
CVE-2019-16088 [MEDIUM]: xpdf
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2019-14293 LOW CVSS 5.5 2019
CVE-2019-14293 [MEDIUM]: xpdf
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2019-13288 LOW CVSS 6.5 2019
CVE-2019-13288 [MEDIUM]: xpdf
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved

CVE-2019-13281 LOW CVSS 7.8 2019
CVE-2019-13281 [HIGH]: xpdf
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
Scope:

CVE-2019-16115 LOW CVSS 7.8 2019
CVE-2019-16115 [HIGH]: xpdf
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
Scope: local
bookw

CVE-2018-8103 LOW CVSS 5.5 2018
CVE-2018-8103 [MEDIUM]: xpdf
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-7174 LOW CVSS 5.5 2018
CVE-2018-7174 [MEDIUM]: xpdf
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-8100 LOW CVSS 7.8 2018
CVE-2018-8100 [HIGH]: xpdf
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-18458 LOW CVSS 5.5 2018
CVE-2018-18458 [MEDIUM]: xpdf
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-11033 LOW CVSS 7.8 2018
CVE-2018-11033 [HIGH]: xpdf
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-18457 LOW CVSS 5.5 2018
CVE-2018-18457 [MEDIUM]: xpdf
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-18650 LOW CVSS 5.5 2018
CVE-2018-18650 [MEDIUM]: xpdf
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolve

CVE-2018-8101 LOW CVSS 5.5 2018
CVE-2018-8101 [MEDIUM]: xpdf
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-8104 LOW CVSS 5.5 2018
CVE-2018-8104 [MEDIUM]: xpdf
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-8106 LOW CVSS 5.5 2018
CVE-2018-8106 [MEDIUM]: xpdf
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-7455 LOW CVSS 5.5 2018
CVE-2018-7455 [MEDIUM]: xpdf
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-7175 LOW CVSS 5.5 2018
CVE-2018-7175 [MEDIUM]: xpdf
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-7173 LOW CVSS 5.5 2018
CVE-2018-7173 [MEDIUM]: xpdf
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open

CVE-2018-8102 LOW CVSS 5.5 2018
CVE-2018-8102 [MEDIUM]: xpdf
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open