Debian Xpdf vulnerabilities

CVE-2009-3608 [CRITICAL] CVE-2009-3608: poppler - Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3... Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, CUPS pdftops, and teTeX, might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 0.12.2-1) bul

CVE-2009-1144 [MEDIUM] CVE-2009-1144: xpdf - Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2... Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse xpdfrc file in the current working directory, related to an unset SYSTEM_XPDFRC macro in a Gentoo build process that uses the poppler library. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: r

CVE-2009-0147 [MEDIUM] CVE-2009-0147: cups - Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP... Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap. Scope: local bookworm: resolved bullseye: re

CVE-2009-0166 [MEDIUM] CVE-2009-0166: cups - The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other... The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2009-0146 [MEDIUM] CVE-2009-0146: cups - Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS... Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixi

CVE-2009-0165 [CRITICAL] CVE-2009-0165: xpdf - Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Po... Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has unspecified impact, related to "g*allocn." Scope: local bookworm: resolved (fixed in 3.02-1.4+lenny1) bullseye: resolved (fixed in 3.02-1.4+lenny1) forky: resolved (fixed in 3.02-1.4+lenny1) sid: resolved (fixed in 3.02-1.4+lenny1) t

CVE-2008-2950 [HIGH] CVE-2008-2950: poppler - The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier delete... The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document. Scope: local bookworm: resolved (fixed in 0.8.4-1.1) bullseye: resolved (fixed in 0.8.4-1.1) forky: resolved (fixed in 0.8.4-1.1)

CVE-2008-1693 [MEDIUM] CVE-2008-1693: poppler - The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before... The CairoFont::create function in CairoFontEngine.cc in Poppler, possibly before 0.8.0, as used in Xpdf, Evince, ePDFview, KWord, and other applications, does not properly handle embedded fonts in PDF files, which allows remote attackers to execute arbitrary code via a crafted font object, related to dereferencing a function pointer associated with the type of this

CVE-2007-5392 [CRITICAL] CVE-2007-5392: cups - Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p1... Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 1.1.22-7) bullseye: resolved (fixed in 1.1.22-7) forky: resolved (fixed in 1.1.22-7) sid: resolved (fixed in 1.1.22-7) trixie: r

CVE-2007-5393 [CRITICAL] CVE-2007-5393: cups - Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream... Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. Scope: local bookworm: resolved (fixed in 1.1.22-7) bullseye: resolved (fixed in 1.1.22-7) forky: resolved (fixed in 1.1.22-7) sid: resolved (fixed in 1.1.22

CVE-2007-4352 [HIGH] CVE-2007-4352: cups - Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Strea... Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. Scope: local bookworm: resolved (fixed in 1.1.22-7) bullseye: resolved (fixed in 1.1.22-7) forky: re

CVE-2007-3387 [MEDIUM] CVE-2007-3387: cups - Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, ... Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine fu

CVE-2007-0104 [MEDIUM] CVE-2007-0104: poppler - The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) k... The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a cr

CVE-2006-0301 [HIGH] CVE-2006-0301: libextractor - Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such ... Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Scope: local b

CVE-2006-1244 [MEDIUM] CVE-2006-1244: xpdf - Unspecified vulnerability in certain versions of xpdf after 3.00, as used in var... Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this descri

CVE-2005-3625 [CRITICAL] CVE-2005-3625: cups - Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, l... Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." Scope: local bookworm: resolved (fixed in 1.1.22-7) bullseye: resolved

CVE-2005-0206 [CRITICAL] CVE-2005-0206: cups - The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-088... The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. Scope: local bookworm: resolved (fixed in 1.1.22-7) bullseye: resolved (fixed in 1.1.22-7) forky: resolved (fixed in 1.1.22-7) si

CVE-2005-3628 [HIGH] CVE-2005-3628: cups - Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xp... Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. Scope: local bookworm: resolved (fixed in 1.1.22-7) bullseye: resolved (fixed in 1.1.22-7) f

CVE-2005-0064 [HIGH] CVE-2005-0064: cups - Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.0... Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. Scope: local bookworm: resolved (fixed in 1.1.22-6) bullseye: resolved (fixed in 1.1.22-6) forky: resolved (fixed in 1.1.22-6) sid: resolved (fixed in 1.1.22-6) trixie

CVE-2005-3627 [HIGH] CVE-2005-3627: cups - Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, t... Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index