Xpdf Security Vulnerabilities and Issues — Xpdf CVE List

Lucene search

XpdfreaderXpdf

15 matches found

CVE•added 2022/08/22 7:15 p.m.•369 views

CVE-2022-38171

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2...

7.8CVSS8AI score0.69382EPSS

CVE•added 2022/05/09 6:15 p.m.•84 views

CVE-2022-30524

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denia...

7.8CVSS5.9AI score0.02094EPSS

CVE•added 2022/05/16 3:15 a.m.•71 views

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

5.5CVSS5.5AI score0.00255EPSS

CVE•added 2022/05/18 3:15 p.m.•66 views

CVE-2021-27548

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

5.5CVSS5.6AI score0.00172EPSS

CVE•added 2022/09/30 5:15 a.m.•62 views

CVE-2022-41843

An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.

5.5CVSS6AI score0.00106EPSS

CVE•added 2022/09/30 5:15 a.m.•58 views

CVE-2022-41844

An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.

5.5CVSS5.5AI score0.00769EPSS

CVE•added 2022/04/25 1:15 p.m.•56 views

CVE-2022-27135

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

5.5CVSS5.8AI score0.00143EPSS

CVE•added 2022/09/15 9:15 p.m.•53 views

CVE-2022-38334

XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.

5.5CVSS5.8AI score0.00043EPSS

CVE•added 2022/09/30 5:15 a.m.•53 views

CVE-2022-41842

An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.

5.5CVSS5.5AI score0.00251EPSS

CVE•added 2022/08/30 9:15 p.m.•48 views

CVE-2022-36561

XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.

5.5CVSS5.5AI score0.00055EPSS

CVE•added 2022/11/14 9:15 p.m.•48 views

CVE-2022-43295

XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.

5.5CVSS5.8AI score0.00052EPSS

CVE•added 2022/11/15 5:15 p.m.•47 views

CVE-2022-43071

A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

5.5CVSS5.5AI score0.00052EPSS

CVE•added 2022/06/28 5:15 p.m.•42 views

CVE-2022-33108

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

7.8CVSS7.7AI score0.00245EPSS

CVE•added 2022/09/21 1:15 p.m.•42 views

CVE-2022-38928

XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.

7.8CVSS6AI score0.00106EPSS

CVE•added 2022/09/29 3:15 a.m.•38 views

CVE-2022-38222

There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.

7.8CVSS7.9AI score0.00115EPSS