Xpdf Security Vulnerabilities


CVE-2024-4976

Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field...

6.8 AI Score | 0.0004 EPSS | 2024-05-15 09:15 PM

CVE-2024-4568

In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack...

2.9 CVSS | 6.7 AI Score | 0.0004 EPSS | 2024-05-06 08:15 PM

CVE-2024-4141

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern...

2.9 CVSS | 4.3 AI Score | 0.0004 EPSS | 2024-04-24 07:15 PM

CVE-2024-3900

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in...

2.9 CVSS | 4.2 AI Score | 0.0004 EPSS | 2024-04-17 07:15 PM

CVE-2024-3248

In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack...

2.9 CVSS | 4.1 AI Score | 0.0004 EPSS | 2024-04-02 11:15 PM

CVE-2024-3247

In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack...

2.9 CVSS | 4.1 AI Score | 0.0004 EPSS | 2024-04-02 11:15 PM

CVE-2024-2971

Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF...

2.9 CVSS | 4.2 AI Score | 0.0004 EPSS | 2024-03-26 10:15 PM

CVE-2022-48545

An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf...

5.5 CVSS | 5.5 AI Score | 0.0004 EPSS | 2023-08-22 07:16 PM

CVE-2023-3436

Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object...

3.3 CVSS | 4 AI Score | 0.0004 EPSS | 2023-06-27 09:15 PM

CVE-2023-3044

An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character...

3.3 CVSS | 5.1 AI Score | 0.001 EPSS | 2023-06-02 11:15 PM

CVE-2023-2664

In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack...

5.5 CVSS | 5.4 AI Score | 0.0004 EPSS | 2023-05-11 09:15 PM

CVE-2023-2663

In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack...

5.5 CVSS | 5.4 AI Score | 0.0004 EPSS | 2023-05-11 09:15 PM

CVE-2023-2662

In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a...

5.5 CVSS | 5.5 AI Score | 0.0004 EPSS | 2023-05-11 09:15 PM

CVE-2023-26930

Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory...

5.5 CVSS | 5.4 AI Score | 0.001 EPSS | 2023-04-26 07:15 PM

CVE-2022-45587

Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of...

5.5 CVSS | 5.5 AI Score | 0.0004 EPSS | 2023-02-15 06:15 PM

CVE-2022-45586

Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of...

5.5 CVSS | 5.5 AI Score | 0.0004 EPSS | 2023-02-15 06:15 PM

CVE-2021-36493

Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted...

7.5 CVSS | 7.5 AI Score | 0.001 EPSS | 2023-02-03 06:15 PM

CVE-2022-43071

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-11-15 05:15 PM

CVE-2022-43295

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at...

5.5 CVSS | 5.8 AI Score | 0.001 EPSS | 2022-11-14 09:15 PM

CVE-2018-18651

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the...

5.5 CVSS | 5.3 AI Score | 0.001 EPSS | 2022-10-03 04:22 PM

CVE-2018-18650

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of...

5.5 CVSS | 5.3 AI Score | 0.001 EPSS | 2022-10-03 04:22 PM

CVE-2018-8104

The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.6 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8107

The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.6 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8100

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by...

7.8 CVSS | 8.2 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8101

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.6 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8103

The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.6 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8102

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8105

The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.6 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-8106

The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by...

5.5 CVSS | 5.6 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-11033

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG...

7.8 CVSS | 8.1 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-7174

An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-7175

An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero...

5.5 CVSS | 5.2 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2018-7173

A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate...

5.5 CVSS | 5.2 AI Score | 0.001 EPSS | 2022-10-03 04:21 PM

CVE-2022-41844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-09-30 05:15 AM

CVE-2022-41842

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-09-30 05:15 AM

CVE-2022-41843

An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than...

5.5 CVSS | 6 AI Score | 0.001 EPSS | 2022-09-30 05:15 AM

CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other...

7.8 CVSS | 7.9 AI Score | 0.001 EPSS | 2022-09-29 03:15 AM

CVE-2022-38928

XPDF 4.04 is vulnerable to Null Pointer Dereference in...

7.8 CVSS | 6 AI Score | 0.001 EPSS | 2022-09-21 01:15 PM

CVE-2022-38334

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at...

5.5 CVSS | 5.8 AI Score | 0.001 EPSS | 2022-09-15 09:15 PM

CVE-2022-36561

XPDF v4.0.4 was discovered to contain a segmentation violation via the component...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-08-30 09:15 PM

CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...

7.8 CVSS | 8 AI Score | 0.002 EPSS | 2022-08-22 07:15 PM
In Wild

CVE-2022-38236

XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at...

7.8 CVSS | 7.7 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38235

XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38238

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at...

7.8 CVSS | 7.7 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38237

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at...

7.8 CVSS | 7.7 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38228

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at...

7.8 CVSS | 7.7 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38229

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at...

7.8 CVSS | 7.7 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38230

XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38231

XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at...

7.8 CVSS | 7.7 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

CVE-2022-38233

XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at...

5.5 CVSS | 5.5 AI Score | 0.001 EPSS | 2022-08-16 09:15 PM

Total number of security vulnerabilities: 141