9 matches found
SUSE CVE-2009-0791
Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF file that trigger...
CVE-2022-38230
XPDF commit ffaf11c was discovered to contain a floating point exception FPE via DCTStream::decodeImage at /xpdf/Stream.cc...
UBUNTU-CVE-2021-27548
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode function in XFAScanner.cc in xpdf 4.03...
UBUNTU-CVE-2019-12360
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...
UBUNTU-CVE-2019-10020
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters...
PDF JBIG2 NULL dereference
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers a NULL pointer dereference...
PDF JBIG2 decoder OOB read
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers an out-of-bounds read...
xpdf: Multiple integer overflows in JBIG2 decoder
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2Stream::readSymbolDictSeg, 2 JBIG2Stream::readSymbolDictSeg, and 3...
PDF JBIG2 decoder OOB read
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service crash via a crafted PDF file that triggers an out-of-bounds read...