Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Xpdf
(Xpdfreader)| Repositories | |
| #Vulnerabilities | 82 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-04-26 | CVE-2023-26930 | Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” | Xpdf | 5.5 | ||
| 2023-05-11 | CVE-2023-2664 | In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. | Xpdf | 5.5 | ||
| 2023-06-02 | CVE-2023-3044 | An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. | Xpdf | 3.3 | ||
| 2023-06-27 | CVE-2023-3436 | Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | Xpdf | 3.3 | ||
| 2023-08-22 | CVE-2022-48545 | An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. | Xpdf | 5.5 | ||
| 2024-08-15 | CVE-2024-7868 | In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | Xpdf | 8.2 | ||
| 2024-08-15 | CVE-2024-7867 | In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | Xpdf | 6.2 | ||
| 2024-08-15 | CVE-2024-7866 | In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. | Xpdf | 5.5 | ||
| 2019-03-25 | CVE-2019-10018 | An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. | Ubuntu_linux, Debian_linux, Xpdf | 5.5 | ||
| 2007-07-30 | CVE-2007-3387 | Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. | Cups, Ubuntu_linux, Debian_linux, Poppler, Gpdf, Xpdf | N/A |