Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27548 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. | |||||
| CVE-2020-35376 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
| Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | |||||
| CVE-2020-25725 | 2 Fedoraproject, Xpdfreader | 2 Fedora, Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. | |||||
| CVE-2020-24999 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2020-24996 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2012-2142 | 4 Freedesktop, Opensuse, Redhat and 1 more | 4 Poppler, Opensuse, Enterprise Linux and 1 more | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
| The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator. | |||||
| CVE-2010-0206 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF stream objects. | |||||
| CVE-2010-0207 | 2 Debian, Xpdfreader | 2 Debian Linux, Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers. | |||||