Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30860 | 3 Apple, Freedesktop, Xpdfreader | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2025-10-27 | 6.8 MEDIUM | 7.8 HIGH |
|
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
|
|||||
| CVE-2024-7868 | 1 Xpdfreader | 1 Xpdf | 2025-10-06 | N/A | 8.2 HIGH |
|
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
|
|||||
| CVE-2022-38928 | 1 Xpdfreader | 1 Xpdf | 2025-05-27 | N/A | 7.8 HIGH |
|
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
|
|||||
| CVE-2022-41844 | 1 Xpdfreader | 1 Xpdf | 2025-05-20 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
|
|||||
| CVE-2022-41843 | 1 Xpdfreader | 1 Xpdf | 2025-05-20 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
|
|||||
| CVE-2022-41842 | 1 Xpdfreader | 1 Xpdf | 2025-05-20 | N/A | 5.5 MEDIUM |
|
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
|
|||||
| CVE-2022-43295 | 1 Xpdfreader | 1 Xpdf | 2025-05-13 | N/A | 5.5 MEDIUM |
|
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
|
|||||
| CVE-2022-43071 | 1 Xpdfreader | 1 Xpdf | 2025-04-30 | N/A | 5.5 MEDIUM |
|
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
|
|||||
| CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 11 Cups, Ubuntu Linux, Debian Linux and 8 more | 2025-04-11 | 7.5 HIGH | N/A |
|
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
|
|||||
| CVE-2007-3387 | 6 Apple, Canonical, Debian and 3 more | 6 Cups, Ubuntu Linux, Debian Linux and 3 more | 2025-04-09 | 6.8 MEDIUM | N/A |
|
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.
|
|||||
| CVE-2021-36493 | 1 Xpdfreader | 1 Xpdf | 2025-03-27 | N/A | 7.5 HIGH |
|
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
|
|||||
| CVE-2022-45587 | 1 Xpdfreader | 1 Xpdf | 2025-03-19 | N/A | 5.5 MEDIUM |
|
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
|
|||||
| CVE-2022-45586 | 1 Xpdfreader | 1 Xpdf | 2025-03-19 | N/A | 5.5 MEDIUM |
|
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.
|
|||||
| CVE-2024-3247 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
|
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
|
|||||
| CVE-2024-3248 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
|
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
|
|||||
| CVE-2024-3900 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
|
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
|
|||||
| CVE-2024-4141 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
|
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
|
|||||
| CVE-2024-4568 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
|
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
|
|||||
| CVE-2024-4976 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 5.5 MEDIUM |
|
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
|
|||||
| CVE-2024-2971 | 1 Xpdfreader | 1 Xpdf | 2025-01-29 | N/A | 2.9 LOW |
|
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
|
|||||
| CVE-2023-2663 | 1 Xpdfreader | 1 Xpdf | 2025-01-24 | N/A | 2.9 LOW |
|
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
|
|||||
| CVE-2023-2662 | 1 Xpdfreader | 1 Xpdf | 2025-01-24 | N/A | 2.9 LOW |
|
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
|
|||||
| CVE-2023-3436 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 3.3 LOW |
|
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
|
|||||
| CVE-2023-3044 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 3.3 LOW |
|
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code.
This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
|
|||||
| CVE-2023-2664 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 2.9 LOW |
|
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
|
|||||
| CVE-2023-26930 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”
|
|||||
| CVE-2022-48545 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
|
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
|
|||||
| CVE-2022-38334 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
|
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
|
|||||
| CVE-2022-38222 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 7.8 HIGH |
|
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
|
|||||
| CVE-2022-38171 | 2 Freedesktop, Xpdfreader | 2 Poppler, Xpdf | 2024-11-21 | N/A | 7.8 HIGH |
|
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
|
|||||
| CVE-2022-36561 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | N/A | 5.5 MEDIUM |
|
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
|
|||||
| CVE-2022-33108 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
|
|||||
| CVE-2022-30775 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
|
|||||
| CVE-2022-30524 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
|
|||||
| CVE-2022-27135 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
|
|||||
| CVE-2021-27548 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
|
|||||
| CVE-2020-35376 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
|
|||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font.
|
|||||
| CVE-2020-24999 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
|
|||||
| CVE-2020-24996 | 1 Xpdfreader | 1 Xpdf | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
|
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact.
|
|||||