Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Xpdfreader Subscribe
Total 68 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-10022 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
CVE-2019-9878 2 Pdfalto Project, Xpdfreader 2 Pdfalto, Xpdf 2024-02-04 6.8 MEDIUM 7.8 HIGH
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
CVE-2018-18457 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18455 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18650 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.
CVE-2018-18651 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.
CVE-2018-16369 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
CVE-2018-18458 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-16368 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18454 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18459 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-18456 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
CVE-2018-7455 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8104 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7452 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7454 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8103 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-8107 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
CVE-2018-7175 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components.
CVE-2018-8101 1 Xpdfreader 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.