Debian Xpdf vulnerabilities

CVE-2018-18455 [MEDIUM] CVE-2018-18455: xpdf - The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers t... The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-7453 [MEDIUM] CVE-2018-7453: xpdf - Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows att... Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-7454 [MEDIUM] CVE-2018-7454: xpdf - A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 all... A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-16369 [MEDIUM] CVE-2018-16369: xpdf - XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of... XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-18456 [MEDIUM] CVE-2018-18456: xpdf - The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in ... The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-8107 [MEDIUM] CVE-2018-8107: xpdf - The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to l... The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-18651 [MEDIUM] CVE-2018-18651: xpdf - An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allo... An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie

CVE-2018-8105 [MEDIUM] CVE-2018-8105: xpdf - The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attacker... The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-16368 [MEDIUM] CVE-2018-16368: xpdf - SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote at... SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-18459 [MEDIUM] CVE-2018-18459: xpdf - The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attacke... The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-7452 [MEDIUM] CVE-2018-7452: xpdf - A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.0... A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2018-18454 [MEDIUM] CVE-2018-18454: xpdf - CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to c... CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2013-4472 [LOW] CVE-2013-4472: poppler - The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier... The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable names. Scope: local bookworm: open bullseye: open forky: open sid: open trixie: open

CVE-2012-2142 [HIGH] CVE-2012-2142: poppler - The error function in Error.cc in poppler before 0.21.4 allows remote attackers ... The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. Scope: local bookworm: resolved (fixed in 0.18.4-7) bullseye: resolved (fixed in 0.18.4-7) forky: resolved (fixed in 0.18.4-7) sid: resolved (fixed in 0.18.4-7) trixie: resolved (fixed in 0.18.4-

CVE-2011-1554 [MEDIUM] CVE-2011-1554: poppler - Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teT... Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. Scop

CVE-2011-2902 [MEDIUM] CVE-2011-2902: xpdf - zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1... zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. Scope: local bookworm: resolved (fixed in 3.02-19) bullseye: resolved (fixed in 3.02-19) forky: resolved (fixed in 3.02-19) sid: resolv

CVE-2011-0764 [MEDIUM] CVE-2011-0764: poppler - t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other produc... t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: r

CVE-2011-1552 [MEDIUM] CVE-2011-1552: poppler - t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other produc... t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resol

CVE-2011-1553 [MEDIUM] CVE-2011-1553: poppler - Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before ... Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. Scope: local bookworm: resolved bullseye:

CVE-2010-4654 [HIGH] CVE-2010-4654: poppler - poppler before 0.16.3 has malformed commands that may cause corruption of the in... poppler before 0.16.3 has malformed commands that may cause corruption of the internal stack. Scope: local bookworm: resolved (fixed in 0.16.3-1) bullseye: resolved (fixed in 0.16.3-1) forky: resolved (fixed in 0.16.3-1) sid: resolved (fixed in 0.16.3-1) trixie: resolved (fixed in 0.16.3-1)