Total
68 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-8102 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | |||||
CVE-2018-7174 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. | |||||
CVE-2018-8100 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. | |||||
CVE-2018-11033 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 6.8 MEDIUM | 7.8 HIGH |
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. | |||||
CVE-2018-7173 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. | |||||
CVE-2018-7453 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. | |||||
CVE-2010-3702 | 9 Apple, Canonical, Debian and 6 more | 11 Cups, Ubuntu Linux, Debian Linux and 8 more | 2024-02-04 | 7.5 HIGH | N/A |
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. | |||||
CVE-2007-3387 | 6 Apple, Canonical, Debian and 3 more | 6 Cups, Ubuntu Linux, Debian Linux and 3 more | 2024-02-04 | 6.8 MEDIUM | N/A |
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function. |