18 matches found
SUSE CVE-2022-48545
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02...
CVE-2023-2662
In Xpdf 4.04 and earlier, a bad color space object in the input PDF file can cause a divide-by-zero...
UBUNTU-CVE-2023-2664
In Xpdf 4.04 and earlier, a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow...
CVE-2022-45587
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service...
CVE-2022-41844
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object *, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088...
DEBIAN-CVE-2021-27548
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode function in XFAScanner.cc in xpdf 4.03...
CVE-2022-30524
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denia...
PT-2019-13238 · Xpdf · Xpdf
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.01.01 Description: The issue is a heap-based buffer over-read in the JBIG2Stream::readTextRegionSeg function, which can be triggered by sending a crafted PDF document to the pdftoppm tool. This might allow an attacker to cause...
UBUNTU-CVE-2019-9878
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service Segmentation...
CVE-2019-9588
There is an Invalid memory access in gAtomicIncrement located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact...
CVE-2018-18651
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file...
PT-2018-14470 · Foolabs +2 · Xpdf +2
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.00 Description: The issue allows remote attackers to cause a denial of service via a crafted pdf file. This is due to a stack-based buffer over-read in the function Object::isName in Object.h, which is called from...
PT-2018-3976 · Xpdf +2 · Xpdf +2
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.00 Description: The issue is related to errors in the code of the Xpdf software, specifically in the XRef::fetch function in XRef.cc. It allows remote attackers to cause a denial of service, which is a stack consumption, via a...
UBUNTU-CVE-2018-8106
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml...
DEBIAN-CVE-2018-8100
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml...
UBUNTU-CVE-2018-7453
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml...
DEBIAN-CVE-2018-7452
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml...
PT-2018-3977 · Foolabs +2 · Xpdf +2
Name of the Vulnerable Software and Affected Versions: xpdf version 4.00 Description: The issue is related to infinite recursion in the AcroForm::scanField function in AcroForm.cc, which can be exploited to launch a denial of service attack via a specific pdf file due to the lack of loop checking...