Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field...
6.8AI Score
0.0004EPSS
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack...
2.9CVSS
6.7AI Score
0.0004EPSS
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in...
2.9CVSS
4.2AI Score
0.0004EPSS
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern...
2.9CVSS
4.3AI Score
0.0004EPSS
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack...
2.9CVSS
4.1AI Score
0.0004EPSS
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack...
2.9CVSS
4.1AI Score
0.0004EPSS
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF...
2.9CVSS
4.2AI Score
0.0004EPSS
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object...
3.3CVSS
4AI Score
0.0004EPSS
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character...
3.3CVSS
5.1AI Score
0.001EPSS
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a...
5.5CVSS
5.5AI Score
0.0004EPSS
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack...
5.5CVSS
5.4AI Score
0.0004EPSS
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack...
5.5CVSS
5.4AI Score
0.0004EPSS
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at...
7.8CVSS
7.7AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at...
5.5CVSS
5.5AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at...
7.8CVSS
7.8AI Score
0.001EPSS
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at...
5.5CVSS
5.5AI Score
0.001EPSS
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream...
5.5CVSS
5.4AI Score
0.001EPSS
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a.....
7.1AI Score
0.006EPSS
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF...
8AI Score
0.139EPSS
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode...
8.1AI Score
0.334EPSS
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer...
8.1AI Score
0.164EPSS
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory...
6.9AI Score
0.068EPSS
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3).....
6.6AI Score
0.021EPSS
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in...
6.5AI Score
0.036EPSS
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that.....
7.6AI Score
0.02EPSS
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack...
7.3AI Score
0.021EPSS
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null...
6.1AI Score
0.005EPSS
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by...
8.9AI Score
0.036EPSS
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU...
6.2AI Score
0.006EPSS
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer...
6.3AI Score
0.013EPSS
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range...
7.8AI Score
0.184EPSS
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f)...
7.5AI Score
0.006EPSS
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service.....
7.7AI Score
0.007EPSS
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the...
5.7AI Score
0.001EPSS
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength...
7.5AI Score
0.096EPSS
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original...
6.7AI Score
0.07EPSS
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by...
7.6AI Score
0.07EPSS
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by...
7.3AI Score
0.07EPSS
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted...
7.5AI Score
0.062EPSS
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by...
7.6AI Score
0.001EPSS
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded...
7.5AI Score
0.051EPSS
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink...
6.8AI Score
0.0004EPSS
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell...
7.8AI Score
0.003EPSS