Xpdfreader Xpdf vulnerabilities

82 known vulnerabilities affecting xpdfreader/xpdf.

Total CVEs: 82
CISA KEV: 1 (actively exploited)
Public exploits: 0
Exploited in wild: 1
Severity breakdown: HIGH 16, MEDIUM 60, LOW 6

Vulnerabilities

Page 3 of 5
CVE-2012-2142 | HIGH | CVSS 7.8 | v3.02 | 2020-01-09
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
nvd
CVE-2010-0207 | MEDIUM | CVSS 5.5 | CWE-835 | v3.03-17, v3.04-4, +1 more | 2019-10-30
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
nvd
CVE-2010-0206 | MEDIUM | CVSS 5.5 | CWE-476 | v3.03-17, v3.04-4, +1 more | 2019-10-30
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
nvd
CVE-2019-10026 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
nvd
CVE-2019-10022 | MEDIUM | CVSS 5.5 | CWE-476 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
nvd
CVE-2019-10024 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
nvd
CVE-2019-10020 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
nvd
CVE-2019-10018 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
nvd
CVE-2019-10019 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
nvd
CVE-2019-10023 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
nvd
CVE-2019-10025 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
nvd
CVE-2019-10021 | MEDIUM | CVSS 5.5 | CWE-369 | v4.01.01 | 2019-03-25
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
nvd
CVE-2019-9878 | HIGH | CVSS 7.8 | CWE-125 | v4.0.0 | 2019-03-21
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
nvd
CVE-2019-9877 | HIGH | CVSS 7.8 | CWE-125 | v4.0.1 | 2019-03-21
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
nvd
CVE-2018-18650 | MEDIUM | CVSS 5.5 | CWE-190 | v4.00 | 2018-10-25
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
nvd
CVE-2018-18651 | MEDIUM | CVSS 5.5 | CWE-834 | v4.00 | 2018-10-25
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
nvd
CVE-2018-18459 | MEDIUM | CVSS 5.5 | CWE-476 | v4.00 | 2018-10-18
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
nvd
CVE-2018-18458 | MEDIUM | CVSS 5.5 | CWE-476 | v4.00 | 2018-10-18
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
nvd
CVE-2018-18456 | MEDIUM | CVSS 5.5 | CWE-125 | v4.00 | 2018-10-18
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
nvd
CVE-2018-18454 | MEDIUM | CVSS 5.5 | CWE-125 | v4.00 | 2018-10-18
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
nvd
Xpdfreader Xpdf vulnerabilities | cvebase