Glyphandcog Xpdfreader vulnerabilities

52 known vulnerabilities affecting glyphandcog/xpdfreader.

Total CVEs: 52
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 5, HIGH 16, MEDIUM 31

Vulnerabilities

Page 1 of 3
CVE-2022-24107 | HIGH | CVSS 7.8 | fixed in 4.04 | 2022-08-30
CVE-2022-24107 [HIGH] CWE-190: Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
nvd
CVE-2022-24106 | HIGH | CVSS 7.8 | fixed in 4.04 | 2022-08-30
CVE-2022-24106 [HIGH] CWE-190: In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
nvd
CVE-2019-17064 | MEDIUM | CVSS 5.5 | v4.02 | 2019-10-01
CVE-2019-17064 [MEDIUM] CWE-476: Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
nvd
CVE-2019-16115 | HIGH | CVSS 7.8 | v4.01.01 | 2019-09-08
CVE-2019-16115 [HIGH] CWE-125: In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
nvd
CVE-2019-16088 | MEDIUM | CVSS 5.5 | v3.04 | 2019-09-06
CVE-2019-16088 [MEDIUM] CWE-674: Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
nvd
CVE-2019-15860 | MEDIUM | CVSS 5.5 | v2.00 | 2019-09-03
CVE-2019-15860 [MEDIUM] CWE-476: Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.
nvd
CVE-2019-14288 | HIGH | CVSS 7.8 | v4.01.01 | 2019-07-27
CVE-2019-14288 [HIGH] CWE-190: An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
nvd
CVE-2019-14290 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-27
CVE-2019-14290 [MEDIUM] CWE-125: An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.
nvd
CVE-2019-14289 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-27
CVE-2019-14289 [MEDIUM] CWE-190: An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.
nvd
CVE-2019-14292 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-27
CVE-2019-14292 [MEDIUM] CWE-125: An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.
nvd
CVE-2019-14293 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-27
CVE-2019-14293 [MEDIUM] CWE-125: An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
nvd
CVE-2019-14291 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-27
CVE-2019-14291 [MEDIUM] CWE-125: An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.
nvd
CVE-2019-14294 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-27
CVE-2019-14294 [MEDIUM] CWE-125: An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.
nvd
CVE-2019-13282 | HIGH | CVSS 7.8 | v4.01.01 | 2019-07-04
CVE-2019-13282 [HIGH] CWE-125: In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly ha
nvd
CVE-2019-13283 | HIGH | CVSS 7.8 | v4.01.01 | 2019-07-04
CVE-2019-13283 [HIGH] CWE-125: In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf
nvd
CVE-2019-13281 | HIGH | CVSS 7.8 | v4.01.01 | 2019-07-04
CVE-2019-13281 [HIGH] CWE-787: In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified ot
nvd
CVE-2019-13289 | HIGH | CVSS 7.8 | v4.01.01 | 2019-07-04
CVE-2019-13289 [HIGH] CWE-416: In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
nvd
CVE-2019-13286 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-04
CVE-2019-13286 [MEDIUM] CWE-125: In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
nvd
CVE-2019-13291 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-04
CVE-2019-13291 [MEDIUM] CWE-125: In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.
nvd
CVE-2019-13287 | MEDIUM | CVSS 5.5 | v4.01.01 | 2019-07-04
CVE-2019-13287 [MEDIUM]: In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.
nvd