CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CVE-2024-4568 affects Xpdf 4.05 and earlier, where a PDF object loop in resources can cause infinite recursion and a stack overflow. The entry provides a local attack vector with low privileges and no user interaction, resulting in availability impact (A: High) per the NVD metrics. Fedora/NVD/rel...

5.5CVSS6.7AI score0.00219EPSS

Exploits0References1Affected Software1

NVD•added 2024/04/02 11:15 p.m.•12 views

CVE-2024-3248

In Xpdf 4.05 and earlier, a PDF object loop in the attachments leads to infinite recursion and a stack overflow...

5.5CVSS3.8AI score0.00294EPSS

Exploits1References1

Cvelist•added 2022/08/30 3:4 a.m.•23 views

CVE-2022-24107

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc...

7.8AI score0.00294EPSS

Exploits0References2

Debian CVE•added 2022/08/16 8:13 p.m.•40 views

CVE-2022-38230

XPDF commit ffaf11c was discovered to contain a floating point exception FPE via DCTStream::decodeImage at /xpdf/Stream.cc...

5.5CVSS3.2AI score0.00287EPSS

Exploits1

OSV•added 2020/07/10 3:40 p.m.•7 views

MGASA-2020-0291 Updated xpdf packages fix security vulnerability

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump...

7.1CVSS7.2AI score0.0112EPSS

Exploits0References3

Prion•added 2018/03/14 3:29 a.m.•19 views

Heap overflow

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service heap-based buffer over-read and application crash via a specific pdf file, as demonstrated by pdftohtml...

4.3CVSS5.4AI score0.00799EPSS

Exploits0References1Affected Software1

securityvulns•added 2005/01/19 12:0 a.m.•49 views

iDEFENSE Security Advisory 01.18.05 - Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow

Multiple Unix/Linux Vendor Xpdf makeFileKey2 Stack Overflow iDEFENSE Security Advisory 01.18.05 www.idefense.com/application/poi/display?id=186&type=vulnerabilities January 18, 2005 I. BACKGROUND Xpdf is an open-source viewer for PDF files. More information is available at the following site:...

7.5CVSS0.1AI score0.07217EPSS

Exploits1

Debian•added 2004/11/02 3:35 p.m.•27 views

[SECURITY] [DSA 581-1] New xpdf packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 581-1 [email protected] http://www.debian.org/security/ Martin Schulze November 2nd, 2004 http://www.debian.org/security/faq -...

10CVSS6.8AI score0.09334EPSS

Exploits0

CVE•added 2000/10/13 4:0 a.m.•41 views

CVE-2000-0727

CVE-2000-0727 affects the xpdf PDF viewer client older than 0.91. The flaw: when handling embedded URLs, the client does not correctly launch a web browser, enabling an attacker to execute arbitrary commands via a URL containing shell metacharacters. NVD assigns a base CVSS v2.0 score of 7.6 (HIG...

7.6CVSS7.8AI score0.02556EPSS

Exploits0References6Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by