Xpdfreader Security Vulnerabilities and Issues — Xpdfreader CVE List

Lucene search

GlyphandcogXpdfreader

14 matches found

CVE•added 2019/09/06 10:15 p.m.•284 views

CVE-2019-16088

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.

5.5CVSS5.2AI score0.0023EPSS

CVE•added 2019/07/04 10:15 p.m.•149 views

CVE-2019-13288

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

5.5CVSS5.7AI score0.31539EPSS

CVE•added 2019/07/04 10:15 p.m.•129 views

CVE-2019-13286

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.

5.5CVSS6AI score0.00321EPSS

CVE•added 2019/07/04 10:15 p.m.•123 views

CVE-2019-13287

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is r...

5.5CVSS5.2AI score0.00402EPSS

CVE•added 2019/07/04 10:15 p.m.•117 views

CVE-2019-13291

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.

5.5CVSS5.5AI score0.00245EPSS

CVE•added 2019/10/01 4:15 p.m.•86 views

CVE-2019-17064

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.

5.5CVSS5.2AI score0.00368EPSS

CVE•added 2019/06/25 12:15 a.m.•81 views

CVE-2019-12958

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated.

5.5CVSS6.1AI score0.00201EPSS

CVE•added 2019/07/27 7:15 p.m.•50 views

CVE-2019-14293

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.

5.5CVSS5.7AI score0.00165EPSS

CVE•added 2019/07/27 7:15 p.m.•47 views

CVE-2019-14291

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.

5.5CVSS5.7AI score0.00165EPSS

CVE•added 2019/07/27 7:15 p.m.•45 views

CVE-2019-14289

An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.

5.5CVSS5.9AI score0.00165EPSS

CVE•added 2019/07/27 7:15 p.m.•45 views

CVE-2019-14290

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.

5.5CVSS5.7AI score0.00165EPSS

CVE•added 2019/07/27 7:15 p.m.•45 views

CVE-2019-14292

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.

5.5CVSS5.7AI score0.00168EPSS

CVE•added 2019/07/27 7:15 p.m.•44 views

CVE-2019-14294

An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.

5.5CVSS5.7AI score0.00194EPSS

CVE•added 2019/09/03 7:15 a.m.•37 views

CVE-2019-15860

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.

5.5CVSS5.4AI score0.00165EPSS