Xpdf Security Vulnerabilities and Issues — Xpdf CVE List

Lucene search

FoolabsXpdf

10 matches found

CVE•added 2009/04/23 5:30 p.m.•99 views

CVE-2009-0799

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.

4.3CVSS7.2AI score0.00676EPSS

CVE•added 2009/04/23 5:30 p.m.•80 views

CVE-2009-0147

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG...

4.3CVSS7.2AI score0.02257EPSS

CVE•added 2009/04/23 5:30 p.m.•76 views

CVE-2009-0166

The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.

4.3CVSS7.2AI score0.05539EPSS

CVE•added 2009/04/23 5:30 p.m.•73 views

CVE-2009-0146

Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.

4.3CVSS7.3AI score0.0217EPSS

CVE•added 2009/04/23 5:30 p.m.•73 views

CVE-2009-1183

The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.

4.3CVSS7.1AI score0.01192EPSS

CVE•added 2011/03/31 11:55 p.m.•70 views

CVE-2011-1554

Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid po...

4.3CVSS6.3AI score0.31187EPSS

CVE•added 2009/04/23 5:30 p.m.•66 views

CVE-2009-1181

4.3CVSS7.2AI score0.01381EPSS

CVE•added 2011/03/31 11:55 p.m.•64 views

CVE-2011-1553

Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnera...

4.3CVSS6.3AI score0.31187EPSS

CVE•added 2009/10/21 5:30 p.m.•59 views

CVE-2009-3609

Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf, kdegraphics KPDF, and CUPS pdftops, allows remote attackers to cause a denial of service (application crash) via a crafted PDF document that triggers a NULL poin...

4.3CVSS6.8AI score0.05304EPSS

CVE•added 2011/03/31 11:55 p.m.•56 views

CVE-2011-1552

t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

4.3CVSS6.3AI score0.31187EPSS