Vulnerabilities (CVE)

Filtered by vendor Xpdfreader Subscribe
Filtered by product Xpdf
Total 75 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-7454 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8105 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7173 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
CVE-2018-8102 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7452 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7453 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
CVE-2018-8107 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8103 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8101 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8104 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7455 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8106 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7175 1 Xpdfreader 1 Xpdf 2024-02-28 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
CVE-2010-3702 9 Apple, Canonical, Debian and 6 more 11 Cups, Ubuntu Linux, Debian Linux and 8 more 2024-02-28 7.5 HIGH N/A
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
CVE-2007-3387 6 Apple, Canonical, Debian and 3 more 6 Cups, Ubuntu Linux, Debian Linux and 3 more 2024-02-28 6.8 MEDIUM N/A
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.