SUSE CVE-2019-9588

There is an Invalid memory access in gAtomicIncrement located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to for example the pdftops binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have unspecified other impact...

poppler: A logic error in the Hints::Hints function can cause denial of service

A logic error was found in Popplers' Hints::Hints function in the Hints.cc file. This flaw allows an attacker to trick a user into opening a crafted PDf file into the pdftops utility, which causes the program to hang for a long time, leading to a denial of service...

Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

CVE-2019-13291

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure...

Heap overflow

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure...

CVE-2019-13291

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure...

Design/Logic Flaw

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted...

UBUNTU-CVE-2019-12957

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted...

CVE-2019-12957

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted...

CVE-2019-9589

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to for example the pdftops binary. It allows an attacker to cause Denial of Service Segmentation fault or possibly have...

DEBIAN-CVE-2009-0791

Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF file that trigger...