Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern...
2.9CVSS
7.6AI Score
0.0004EPSS
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in...
2.9CVSS
7.4AI Score
0.0004EPSS
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack...
2.9CVSS
7.3AI Score
0.0004EPSS
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack...
2.9CVSS
7.3AI Score
0.0004EPSS
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF...
2.9CVSS
7.4AI Score
0.0004EPSS
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf...
5.5CVSS
5.4AI Score
0.0004EPSS
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object...
3.3CVSS
4.2AI Score
0.0004EPSS
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character...
3.3CVSS
5.2AI Score
0.0004EPSS
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack...
5.5CVSS
5.3AI Score
0.0004EPSS
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack...
5.5CVSS
5.3AI Score
0.0004EPSS
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a...
5.5CVSS
5.4AI Score
0.0004EPSS
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory...
5.5CVSS
5.4AI Score
0.0004EPSS
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of...
5.5CVSS
5.4AI Score
0.0004EPSS
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of...
5.5CVSS
5.4AI Score
0.0004EPSS
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted...
7.5CVSS
7.5AI Score
0.001EPSS
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF...
5.5CVSS
5.4AI Score
0.0005EPSS
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at...
5.5CVSS
5.7AI Score
0.0005EPSS
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and...
5.5CVSS
5.3AI Score
0.001EPSS
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in...
5.5CVSS
5.4AI Score
0.001EPSS
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than...
5.5CVSS
6.1AI Score
0.0004EPSS
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other...
7.8CVSS
8AI Score
0.001EPSS
7.8CVSS
6.1AI Score
0.001EPSS
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at...
5.5CVSS
5.7AI Score
0.001EPSS
XPDF v4.0.4 was discovered to contain a segmentation violation via the component...
5.5CVSS
5.5AI Score
0.001EPSS
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc...
7.8CVSS
7.8AI Score
0.001EPSS
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf...
5.5CVSS
5.4AI Score
0.001EPSS
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++...
5.5CVSS
5.3AI Score
0.001EPSS
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a...
7.8CVSS
6AI Score
0.001EPSS
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm...
5.5CVSS
5.7AI Score
0.001EPSS
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp()...
7.5CVSS
7.3AI Score
0.003EPSS
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referr...
5.5CVSS
5.5AI Score
0.001EPSS
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other...
7.8CVSS
8AI Score
0.001EPSS
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly...
7.8CVSS
8AI Score
0.001EPSS
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream...
5.5CVSS
5.4AI Score
0.001EPSS
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than...
5.5CVSS
6.2AI Score
0.001EPSS
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in...
5.5CVSS
5.4AI Score
0.001EPSS
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for...
5.5CVSS
6.1AI Score
0.001EPSS
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv...
5.5CVSS
6.2AI Score
0.001EPSS