Lucene search
K
XpdfreaderXpdf

82 matches found

CVE
CVE
added 2021/08/24 6:49 p.m.1301 views

CVE-2021-30860

CVE-2021-30860 affects Apple CoreGraphics in macOS/iOS/watchOS/tvOS stack. A vulnerability in integer overflow during processing of maliciously crafted PDFs could lead to arbitrary code execution. Fixed in Security Update 2021-005 for Catalina, iOS 14.8 / iPadOS 14.8, macOS Big Sur 11.6, and watc...

7.8CVSS6.5AI score0.75994EPSS
In wild
CVE
CVE
added 2022/08/22 6:33 p.m.416 views

CVE-2022-38171

CVE-2022-38171 describes an integer overflow in the JBIG2 decoder of Xpdf (JBIG2Stream::readTextRegionSeg in JBIG2Stream.cc) that can crash or allow arbitrary code execution when processing a crafted PDF or JBIG2 image. Publicly documented impact aligns with prior CVEs (e.g., CVE-2021-30860) and ...

7.8CVSS8AI score0.00314EPSS
In wild
CVE
CVE
added 2020/12/26 3:30 a.m.374 views

CVE-2020-35376

CVE-2020-35376 affects Xpdf 4.02, where FoFiType1C::getOp() misreferences a subroutine in a Type 1C font string, causing stack consumption. The Gentoo GLSA (GLSA-202405-18) recommends upgrading to Xpdf 4.04 or newer to fix the vulnerability. No exploitation details are provided in the connected d...

7.5CVSS7.2AI score0.02057EPSS
CVE
CVE
added 2020/11/21 5:29 a.m.241 views

CVE-2020-25725

CVE-2020-25725 affects Xpdf 4.02 (and related advisories) with a heap-use-after-free in SplashOutputDev::endType3Char, where the code accesses the freed t3GlyphStack->cache during Type 3 font processing. This is tied to a prior fix for nested Type 3 chars not correctly handling references with...

5.5CVSS6AI score0.00992EPSS
CVE
CVE
added 2010/11/05 5:0 p.m.154 views

CVE-2010-3702

The CVE-2010-3702 issue affects the Xpdf PDF parser (Gfx::getPos) in Xpdf

7.5CVSS7.3AI score0.02757EPSS
CVE
CVE
added 2007/07/30 11:0 p.m.112 views

CVE-2007-3387

CVE-2007-3387 affects xpdf 3.02 and thus downstream KDE/kpdf/gpdf/pdfs handling in kdegraphics, CUPS, and related tools. The root cause is an integer/stack-based overflow in PDF parsing: StreamPredictor::getNextLine may overflow when processing a crafted PDF, potentially allowing remote code exec...

6.8CVSS7.9AI score0.08565EPSS
CVE
CVE
added 2019/03/24 11:10 p.m.105 views

CVE-2019-10018

Xpdf 4.01.01 contains CVE-2019-10018: an FPE in PostScriptFunction::exec (psOpIdiv). Mageia MGASA-2019-0293 documents fixes for this and related CVEs in Xpdf; Debian DLA-2440-1 notes the poppler update fixes CVE-2019-10018 (and others) in Debian 9. Affected remediation details vary by distro (Mag...

5.5CVSS5.8AI score0.01105EPSS
CVE
CVE
added 2022/05/09 6:0 p.m.101 views

CVE-2022-30524

CVE-2022-30524 affects Xpdf: a malformed handling of characters at large y coordinates in TextOutputDev.cc TextLine leads to invalid memory access, triggering a Denial of Service (segmentation fault) or other impact when processing crafted PDFs (e.g., via pdftotext). Related entries (CVE-2023-304...

7.8CVSS5.9AI score0.01581EPSS
CVE
CVE
added 2019/03/24 11:10 p.m.90 views

CVE-2019-10019

Xpdf 4.01.01 is affected by CVE-2019-10019 due to a floating‑point exception (FPE) in PSOutputDev::checkPageSlice (PSOutputDev.cc) for nStripes. The connected sources confirm this exact root cause and mention it as part of a set of vulnerabilities fixed in updated xpdf packages (e.g., Mageia MGAS...

5.5CVSS5.7AI score0.00895EPSS
CVE
CVE
added 2022/05/16 2:54 a.m.87 views

CVE-2022-30775

CVE-2022-30775 affects the Xpdf 4.04 PDF toolchain, where crafted input leads to excessive memory allocation in the PDF handling path (triggered via crafted PDFs to the pdftoppm tool). Reproduction notes indicate the issue is most easily observed when building/redirection uses the DCMAKE_CXX_COMP...

5.5CVSS5.5AI score0.00795EPSS
CVE
CVE
added 2022/05/18 2:37 p.m.84 views

CVE-2021-27548

Xpdf 4.03 contains a Null Pointer Dereference in XFAScanner::scanNode() (XFAScanner.cc). This can crash the process, per multiple sources (e.g., CNVD, OSV, NVD). The issue is due to dereferencing a null pointer in the scanner component. Remediation: upgrade to version 4.04 or later (as advised by...

5.5CVSS5.6AI score0.00712EPSS
CVE
CVE
added 2020/01/09 8:42 p.m.81 views

CVE-2012-2142

CVE-2012-2142 affects Poppler up to version 0.21.4, where the error function in Error.cc can be abused by a crafted PDF containing an escape sequence for a terminal emulator to execute arbitrary commands. The vulnerability arises from improper handling of escape sequences in PDFs, enabling potent...

7.8CVSS7.8AI score0.02942EPSS
CVE
CVE
added 2018/10/18 6:0 a.m.81 views

CVE-2018-18456

CVE-2018-18456 affects Poppler/Xpdf 4.00 (Object::isName in Object.h, called from Gfx::opSetFillColorN). A crafted PDF can trigger a stack-based buffer over-read, enabling a denial of service (noted in pdftoppm workflows). Publicly documented references (NVD entry) abstract the issue; connected a...

5.5CVSS5.6AI score0.00966EPSS
CVE
CVE
added 2018/02/15 9:0 p.m.78 views

CVE-2018-7174

CVE-2018-7174 concerns xpdf 4.00 where an infinite loop in XRef::Xref can trigger denial of service. The loop detection exists only for tables, not streams, enabling potential resource exhaustion. Multiple connected sources (OSV, Debian/Ubuntu/Nessus/OSV entries, SUSE, OpenVAS, Fedora updates) co...

5.5CVSS5.5AI score0.00846EPSS
CVE
CVE
added 2024/04/24 6:36 p.m.78 views

CVE-2024-4141

CVE-2024-4141: Out-of-bounds array write in Xpdf 4.05 and earlier caused by a bounds-check optimization bug in Type 1 font handling. The Fedora advisories indicate the issue is addressed by updating to xpdf 4.06 (Fedora 42/43 packages), which fixes the vulnerable code path. The CVE description no...

5.5CVSS4.3AI score0.0018EPSS
CVE
CVE
added 2019/03/24 11:11 p.m.77 views

CVE-2019-10021

CVE-2019-10021 affects Xpdf 4.01.01: there is a floating-point exception in ImageStream::ImageStream (Stream.cc) for nComps. Connected advisories (Mageia MGASA-2019-0293; USN/OSSV entries) confirm updates to fix Xpdf vulnerabilities and reference CVE-2019-10021 among others. No exploitation statu...

5.5CVSS5.8AI score0.00895EPSS
CVE
CVE
added 2019/03/24 11:11 p.m.76 views

CVE-2019-10023

CVE-2019-10023 affects Xpdf 4.01.01, with a Floating Point Exception (FPE) in PostScriptFunction::exec for the psOpMod case (Function.cc). Related advisories (MGASA-2019-0293 / OSV-2019-0244) confirm the issue and indicate that updated xpdf packages fix the vulnerabilities. OpenVAS entries and Ma...

5.5CVSS5.8AI score0.00895EPSS
CVE
CVE
added 2022/09/30 4:21 a.m.75 views

CVE-2022-41842

CVE-2022-41842 affects Xpdf 4.04, where a crash in gfseek(_IO_FILE*, long, int) within goo/gfile.cc is reported. Public sources consistently identify this as a crash/resource-management fault in Xpdf 4.04. The issue is documented across multiple databases/advisories, with no public exploit detail...

5.5CVSS5.5AI score0.00394EPSS
CVE
CVE
added 2022/09/30 4:21 a.m.75 views

CVE-2022-41843

CVE-2022-41843 corresponds to an issue in Xpdf 4.04 where convertToType0 in fofi/FoFiType1C.cc causes a crash. This entry is distinct from CVE-2022-38928. Several advisories note that Xpdf 4.04 is affected and that fixed packages exist; Gentoo/Mageia advisories show remediation guidance, upgradin...

5.5CVSS6AI score0.00392EPSS
CVE
CVE
added 2022/09/30 4:21 a.m.75 views

CVE-2022-41844

CVE-2022-41844 affects Xpdf 4.04, causing a crash in XRef::fetch(int, int, Object*, int) (xpdf/XRef.cc). It is distinguished from CVE-2018-16369 and CVE-2019-16088. Several advisories note fixes/upgrades; for mitigation, upgrading to a newer Xpdf version is recommended (e.g., >=app-text/xpdf-4...

5.5CVSS5.5AI score0.00363EPSS
CVE
CVE
added 2023/08/22 12:0 a.m.73 views

CVE-2022-48545

CVE-2022-48545 : An infinite recursion in Catalog::findDestInTree can cause a denial of service in xpdf 4.02. The vulnerability is locally exploitable (attack vector: LOCAL) with a CVSS v3.1 base score of 5.5 (medium). The available sources explicitly describe the infinite recursion in Catalog::f...

5.5CVSS5.5AI score0.00232EPSS
CVE
CVE
added 2022/04/25 12:48 p.m.72 views

CVE-2022-27135

CVE-2022-27135 affects xpdf 4.03, with a heap buffer overflow in readXRefTable (XRef.cc) that an attacker can trigger by feeding a crafted PDF to the pdftoppm tool, leading to denial of service (segmentation fault) or other effects. Connected advisories confirm the issue and recommend upgrading t...

5.5CVSS5.8AI score0.00974EPSS
CVE
CVE
added 2023/06/02 10:32 p.m.72 views

CVE-2023-3044

CVE-2023-3044 describes a divide-by-zero in Xpdf text extraction caused by an excessively large PDF page size used in fuzz testing. Connected sources indicate this is related to CVE-2022-30524 and historically affects Xpdf 4.04; mitigations are to upgrade to Xpdf 4.05 or later (per distro advisor...

3.3CVSS5.2AI score0.00345EPSS
CVE
CVE
added 2022/09/15 12:0 a.m.70 views

CVE-2022-38334

XPDF is affected by CVE-2022-38334: in XPDF v4.04 and earlier, a stack overflow can be triggered by Catalog::countPageTree() in Catalog.cc. Public advisories confirm multiple vendors advise upgrading to a fixed release (e.g., Gentoo GLSA-202409-25 recommends upgrading to XPDF >= 4.05; Mageia M...

5.5CVSS5.8AI score0.00382EPSS
CVE
CVE
added 2018/10/18 6:0 a.m.69 views

CVE-2018-18454

CVE-2018-18454 is a vulnerability in Xpdf/Poppler where CCITTFaxStream::readRow() in Stream.cc (Xpdf 4.00) can crash or exhaust memory via a crafted PDF, enabling a heap-based buffer over-read and denial of service. Connected advisories cite multiple affected builds (Xpdf 4.00, 4.01.01; Poppler 0...

5.5CVSS5.6AI score0.01221EPSS
CVE
CVE
added 2024/04/17 6:41 p.m.68 views

CVE-2024-3900

CVE-2024-3900 affects Xpdf up to version 4.05. The issue is an out-of-bounds array write triggered by a long Unicode sequence in ActualText, resulting in an availability impact. Fedora advisories and Slackware/Nessus entries indicate the remediation is to upgrade to xpdf 4.06 or newer; Fedora 42/...

5.5CVSS4.2AI score0.00178EPSS
CVE
CVE
added 2024/05/06 7:56 p.m.68 views

CVE-2024-4568

CVE-2024-4568 affects Xpdf 4.05 and earlier, where a PDF object loop in resources can cause infinite recursion and a stack overflow. The entry provides a local attack vector with low privileges and no user interaction, resulting in availability impact (A: High) per the NVD metrics. Fedora/NVD/rel...

5.5CVSS6.7AI score0.00219EPSS
CVE
CVE
added 2024/05/15 8:34 p.m.67 views

CVE-2024-4976

CVE-2024-4976 affects Xpdf; an out-of-bounds write occurs in AcroForm field reference due to a missing object type check in Xpdf 4.05 and earlier. Fedora advisories and Slackware/Nessus entries corroborate impact and note remediation by updating to 4.06. Practical impact is an out-of-bounds write...

5.5CVSS6.8AI score0.00165EPSS
CVE
CVE
added 2018/09/03 12:0 a.m.65 views

CVE-2018-16369

CVE-2018-16369 affects Xpdf 4.00 (XRef::fetch) where a crafted PDF can cause a stack DoS via AcroForm::scanField, as demonstrated by pdftohtml. The vulnerability is noted to possibly overlap CVE-2018-7453 (infinite recursion in AcroForm::scanField). Multiple advisories (e.g., Slackware SSA:2024-0...

5.5CVSS5.1AI score0.01618EPSS
CVE
CVE
added 2019/03/24 11:12 p.m.65 views

CVE-2019-10026

CVE-2019-10026 concerns Xpdf 4.01.01 with a fault: an FPE in PostScriptFunction::exec (Function.cc) for the psOpRoll case. Affected component is the Xpdf PS processing path; root cause is in the Roll operation handling. Public references (NVD/SUSE/UBUNTU/CNVD/OSV etc.) consistently describe an FP...

5.5CVSS5.7AI score0.00873EPSS
CVE
CVE
added 2018/03/14 3:0 a.m.64 views

CVE-2018-8102

CVE-2018-8102 affects the xpdf 4.00 package, specifically the JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc. The root cause is a buffer over-read when processing a crafted PDF, which can cause a denial of service and application crash (demonstrated by pdftohtml). The connected document...

5.5CVSS5.5AI score0.00799EPSS
CVE
CVE
added 2018/02/24 6:0 a.m.63 views

CVE-2018-7453

Xpdf 4.00 contains an infinite recursion in AcroForm::scanField (AcroForm.cc) caused by insufficient loop checking, enabling denial of service when processing specially crafted PDFs (as demonstrated by pdftohtml). The issue affects xpdf-4.00 and is discussed in multiple advisories. Remediation gu...

5.5CVSS5.1AI score0.00915EPSS
CVE
CVE
added 2019/03/24 11:12 p.m.63 views

CVE-2019-10025

CVE-2019-10025 affects Xpdf 4.01.01, with a fault in ImageStream::ImageStream in Stream.cc for nBits that causes a faulting/potential exploitation path (FPE). The linked documents consistently describe the vulnerability as an FPE in the ImageStream constructor, without providing concrete exploit ...

5.5CVSS5.7AI score0.00873EPSS
CVE
CVE
added 2022/08/30 8:5 p.m.63 views

CVE-2022-36561

CVE-2022-36561 affects XPDF v4.0.4, with a segmentation violation in xpdf/AcroForm.cc:538. The vulnerability is documented with CVSS v3.1: Local attack vector, no privileges required, user interaction needed, and A: High impact on availability (score 5.5, Medium overall). Public advisories and ve...

5.5CVSS5.5AI score0.00315EPSS
CVE
CVE
added 2024/04/02 10:57 p.m.63 views

CVE-2024-3247

CVE-2024-3247 affects Xpdf up to version 4.05 (and earlier). The issue is a PDF object loop in an object stream that can trigger infinite recursion and a stack overflow, enabling a local attack surface and potential denial-of-service when processing crafted PDFs. Fedora advisories indicate remedi...

5.5CVSS3.7AI score0.00291EPSS
CVE
CVE
added 2018/09/03 12:0 a.m.62 views

CVE-2018-16368

CVE-2018-16368 affects Xpdf (SplashXPath.c) in versions around 4.00 and 4.01.01, where SplashXPath::strokeAdjust() can be triggered by a crafted PDF sent to pdftoppm, enabling a remote attacker to cause a denial of service via a heap-based buffer over-read. Related entries note potential informat...

5.5CVSS5.2AI score0.0114EPSS
CVE
CVE
added 2022/11/14 12:0 a.m.62 views

CVE-2022-43295

XPDF v4.04 contains a stack overflow in FileStream::copy() (xpdf/Stream.cc:795). Consequence is a potential crash/denial of service as described for CVE-2022-43295. Public advisories confirm the issue and commonly list it among multiple CVEs fixed by upgrading to the newer release (e.g., xpdf-4.0...

5.5CVSS5.8AI score0.00252EPSS
CVE
CVE
added 2023/02/15 12:0 a.m.62 views

CVE-2022-45587

CVE-2022-45587 affects Xpdf 4.04, with a stack overflow in goo/gmem.cc:gmalloc that enables local denial of service. Public details identify the vulnerable version and function; a fix is referenced in Gentoo GLSA, advising upgrading to Xpdf 4.05 or newer. No exploit details are provided beyond th...

5.5CVSS5.5AI score0.00317EPSS
CVE
CVE
added 2023/06/27 8:55 p.m.62 views

CVE-2023-3436

CVE-2023-3436 affects Xpdf 4.04 where a PDF object stream’s Length field, if placed in another object stream, can cause a deadlock. Public sources (Slackware/Mageia advisories) recommend upgrading to Xpdf 4.05 or newer to fix the issue, with related entries noting other CVEs in the same release. ...

3.3CVSS3.9AI score0.00172EPSS
CVE
CVE
added 2024/04/02 11:4 p.m.62 views

CVE-2024-3248

CVE-2024-3248 affects Xpdf 4.05 and earlier due to a PDF object loop in attachments that triggers infinite recursion and a stack overflow. Connected advisories show remediation by upgrading to xpdf 4.06 (e.g., Fedora updates and Slackware SSA references), confirming a version-based fix. The avail...

5.5CVSS3.7AI score0.00294EPSS
CVE
CVE
added 2018/10/18 6:0 a.m.61 views

CVE-2018-18457

The CVE-2018-18457 issue affects Xpdf 4.00, specifically the DCTStream::readScan function in Stream.cc. A crafted PDF file can trigger a denial-of-service via a NULL pointer dereference, as demonstrated by pdftoppm. The connected sources corroborate the vulnerable component and condition but do n...

5.5CVSS5.3AI score0.01141EPSS
CVE
CVE
added 2020/09/03 10:17 p.m.61 views

CVE-2020-24999

CVE-2020-24999 affects Xpdf 4.0.2: an invalid memory access occurs in fprintf in Error.cc. A crafted PDF sent to the pdftohtml binary can trigger a Denial of Service (segmentation fault) and potentially other impact. Multiple external sources in the connected data reiterate this vulnerability, wi...

7.8CVSS8AI score0.01055EPSS
CVE
CVE
added 2018/10/18 6:0 a.m.60 views

CVE-2018-18458

CVE-2018-18458 affects Xpdf 4.00: the DCTStream::decodeImage function in Stream.cc is vulnerable to a denial-of-service via a crafted PDF that triggers a NULL pointer dereference, as demonstrated by pdftoppm. Connected sources consistently describe the same flaw across multiple advisories (NVD en...

5.5CVSS5.3AI score0.01141EPSS
CVE
CVE
added 2018/02/15 9:0 p.m.60 views

CVE-2018-7175

CV E-2018-7175 affects xpdf 4.00. A NULL pointer dereference in readCodestream handling JPX images with zero components can cause denial of service. Public references in connected docs indicate remediation: update to xpdf 4.01 (Fedora 29, Fedora/Thanks to Nessus entries). The vulnerability is tie...

5.5CVSS5.2AI score0.00839EPSS
CVE
CVE
added 2018/03/14 3:0 a.m.60 views

CVE-2018-8101

CVE-2018-8101 affects xpdf 4.00, where JPXStream::inverseTransformLevel (JPXStream.cc) can cause a denial of service via a specific PDF, resulting in a heap-based buffer over-read and application crash (as demonstrated by pdftohtml). The connected documents corroborate the exact function and vuln...

5.5CVSS5.6AI score0.00799EPSS
CVE
CVE
added 2019/03/24 11:10 p.m.60 views

CVE-2019-10020

CVE-2019-10020 concerns Xpdf 4.01.01, with a reported floating-point exception (FPE) in the function Splash::scaleImageYuXu within Splash.cc when processing x Bresenham parameters. The connected sources corroborate the same issue across multiple advisories (SUSE, Ubuntu, Debian, CNVD, etc.), indi...

5.5CVSS5.7AI score0.00873EPSS
CVE
CVE
added 2018/03/14 3:0 a.m.59 views

CVE-2018-8100

The CVE-2018-8100 entry concerns the xpdf 4.00 component JPXStream::readTilePart in JPXStream.cc. A flaw in this function can be triggered by a crafted PDF file (as demonstrated by pdftohtml), enabling a denial of service via a heap-based buffer overflow that crashes the application and may have ...

7.8CVSS8.2AI score0.00933EPSS
CVE
CVE
added 2019/03/24 11:11 p.m.59 views

CVE-2019-10024

CVE-2019-10024 affects Xpdf 4.01.01, with a fault described as a floating-point exception in Splash::scaleImageYuXu (Splash.cc) related to y Bresenham parameters. The connected sources confirm the vulnerable component and function but do not provide explicit exploit details, affected products bey...

5.5CVSS5.7AI score0.00873EPSS
CVE
CVE
added 2019/03/19 6:16 p.m.59 views

CVE-2019-9877

CVE-2019-9877 : In Xpdf 4.01, an invalid memory access in TextPage::findGaps() (TextOutputDev.c) can be triggered by a crafted PDF sent to pdftops, potentially causing a denial of service via segmentation fault (and possibly other impact). Connected documents corroborate this vulnerability for Xp...

7.8CVSS6AI score0.01141EPSS
CVE
CVE
added 2022/11/15 12:0 a.m.59 views

CVE-2022-43071

XPDF 4.04 is affected by CVE-2022-43071 due to a stack overflow in Catalog::readPageLabelTree2(Object*), allowing a crafted PDF to trigger a Denial of Service. Public advisories confirm the issue and note that the fix was delivered by upgrading to a newer XPDF version (Gentoo GLSA 202409-25 and M...

5.5CVSS5.5AI score0.00333EPSS
Total number of security vulnerabilities82