Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Xpdfreader Subscribe
Filtered by product Xpdf
Total 75 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-8102 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8101 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8100 1 Xpdfreader 1 Xpdf 2024-11-21 6.8 MEDIUM 7.8 HIGH
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7455 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7454 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7453 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
CVE-2018-7452 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7175 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
CVE-2018-7174 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams.
CVE-2018-7173 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
CVE-2018-18651 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
CVE-2018-18650 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
CVE-2018-18459 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18458 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18457 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18456 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18455 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18454 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-16369 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
CVE-2018-16368 1 Xpdfreader 1 Xpdf 2024-11-21 4.3 MEDIUM 5.5 MEDIUM
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024