Xpdf Security Vulnerabilities

CVE-2024-4141

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern...

CVE-2024-3900

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in...

CVE-2024-3248

In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack...

CVE-2024-3247

In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack...

CVE-2024-2971

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF...

CVE-2022-48545

An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf...

CVE-2023-3436

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object...

CVE-2023-3044

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character...

CVE-2023-2664

In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack...

CVE-2023-2663

In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack...

CVE-2023-2662

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a...

CVE-2023-26930

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory...

CVE-2022-45587

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of...

CVE-2022-45586

Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of...

CVE-2021-36493

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted...

CVE-2022-43071

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF...

CVE-2022-43295

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at...

CVE-2022-41844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and...

CVE-2022-41842

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in...

CVE-2022-41843

An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than...

CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other...

CVE-2022-38928

XPDF 4.04 is vulnerable to Null Pointer Dereference in...

CVE-2022-38334

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at...

CVE-2022-36561

XPDF v4.0.4 was discovered to contain a segmentation violation via the component...

CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...

CVE-2022-38230

XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at...

CVE-2022-38229

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at...

CVE-2022-38228

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at...

CVE-2022-38233

XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at...

CVE-2022-38231

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at...

CVE-2022-38236

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at...

CVE-2022-38227

XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at...

CVE-2022-38235

XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at...

CVE-2022-38238

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at...

CVE-2022-38234

XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at...

CVE-2022-38237

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at...

CVE-2022-33108

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc...

CVE-2021-27548

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf...

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++...

CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a...

CVE-2022-27135

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm...

CVE-2020-35376

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp()...

CVE-2020-25725

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referr...

CVE-2020-24999

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other...

CVE-2020-24996

There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly...

CVE-2010-0206

xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream...

CVE-2019-16927

Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than...

CVE-2019-10022

An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in...

CVE-2019-10019

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for...

CVE-2019-10018

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv...