Xpdfreader Xpdf vulnerabilities

CVE-2022-43071 [MEDIUM] CWE-787 CVE-2022-43071: A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

CVE-2022-43295 [MEDIUM] CWE-787 CVE-2022-43295: XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/St XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.

CVE-2022-41843 [MEDIUM] CVE-2022-41843: An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a di An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.

CVE-2022-41844 [MEDIUM] CVE-2022-41844: An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpd An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

CVE-2022-41842 [MEDIUM] CWE-787 CVE-2022-41842: An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile. An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

CVE-2022-38222 [HIGH] CWE-416 CVE-2022-38222: There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It c There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

CVE-2022-38928 [HIGH] CWE-476 CVE-2022-38928: XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.

CVE-2022-38334 [MEDIUM] CWE-674 CVE-2022-38334: XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPag XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

CVE-2022-36561 [MEDIUM] CVE-2022-36561: XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:5 XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

CVE-2022-38171 [HIGH] CWE-190 CVE-2022-38171: Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextR Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).

CVE-2022-33108 [HIGH] CWE-787 CVE-2022-33108: XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of ob XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

CVE-2021-27548 [MEDIUM] CWE-476 CVE-2021-27548: There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScann There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

CVE-2022-30775 [MEDIUM] CWE-770 CVE-2022-30775: xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (fo xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

CVE-2022-30524 [HIGH] CWE-787 CVE-2022-30524: There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because th There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have uns

CVE-2022-27135 [MEDIUM] CWE-787 CVE-2022-27135: xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

CVE-2021-30860 [HIGH] CWE-190 CVE-2021-30860: An integer overflow was addressed with improved input validation. This issue is fixed in Security Up An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CVE-2020-35376 [HIGH] CWE-787 CVE-2020-35376: Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font ch Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.

CVE-2020-25725 [MEDIUM] CWE-416 CVE-2020-25725: In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to us In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.

CVE-2020-24996 [HIGH] CWE-665 CVE-2020-24996: There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.

CVE-2020-24999 [HIGH] CWE-787 CVE-2020-24999: There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.