Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9878 | 2 Pdfalto Project, Xpdfreader | 2 Pdfalto, Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
|
|||||
| CVE-2019-9877 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
|
|||||
| CVE-2019-10026 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
|
|||||
| CVE-2019-10025 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
|
|||||
| CVE-2019-10024 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
|
|||||
| CVE-2019-10023 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
|
|||||
| CVE-2019-10022 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
|
|||||
| CVE-2019-10021 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
|
|||||
| CVE-2019-10020 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
|
|||||
| CVE-2019-10019 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
|
|||||
| CVE-2019-10018 | 3 Canonical, Debian, Xpdfreader | 3 Ubuntu Linux, Debian Linux, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
|
|||||
| CVE-2018-8107 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8106 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8105 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8104 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8103 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8102 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8101 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-8100 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-7455 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-7454 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-7452 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
|
|||||
| CVE-2018-7175 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
|
|||||
| CVE-2018-7174 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
|
|||||
| CVE-2018-7173 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
|
|||||
| CVE-2018-18651 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
|
|||||
| CVE-2018-18650 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
|
|||||
| CVE-2018-18459 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-18458 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-18457 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-18456 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-18455 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-18454 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-16369 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
|
|||||
| CVE-2018-16368 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
|
|||||
| CVE-2018-11033 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
|
|||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
|
|||||
| CVE-2010-0207 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.
|
|||||
| CVE-2010-0206 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects.
|
|||||