82 matches found
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this is...
CVE-2022-38171
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2...
CVE-2020-35376
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
CVE-2020-25725
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed t3GlyphStack->cache, which causes an heap-use-after-free problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referr...
CVE-2010-3702
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer...
CVE-2019-10018
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
CVE-2022-30524
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denia...
CVE-2007-3387
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that trigg...
CVE-2019-10019
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
CVE-2022-30775
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
CVE-2018-7174
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
CVE-2021-27548
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
CVE-2019-10023
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
CVE-2022-41843
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
CVE-2018-18456
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2023-3044
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
CVE-2022-41844
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
CVE-2024-4141
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
CVE-2022-27135
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.
CVE-2019-10021
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
CVE-2018-8102
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2022-41842
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
CVE-2024-4976
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
CVE-2022-38334
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
CVE-2018-18454
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2022-48545
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
CVE-2024-3247
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
CVE-2024-3900
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
CVE-2024-4568
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
CVE-2018-16368
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-8101
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2019-10026
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
CVE-2019-9877
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly h...
CVE-2023-3436
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
CVE-2018-16369
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
CVE-2018-18458
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2024-2971
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
CVE-2018-7175
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
CVE-2018-7453
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
CVE-2019-10025
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
CVE-2022-36561
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
CVE-2022-43295
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
CVE-2022-45587
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
CVE-2018-8100
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
CVE-2022-43071
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2019-10020
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
CVE-2019-10024
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
CVE-2018-7173
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
CVE-2018-7452
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.