Filtered by vendor Xpdfreader
Subscribe
Total
68 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-18457 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18455 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18650 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | |||||
| CVE-2018-18651 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. | |||||
| CVE-2018-18458 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18454 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18459 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | |||||
| CVE-2018-18456 | 1 Xpdfreader | 1 Xpdf | 2024-02-04 | 4.3 MEDIUM | 5.5 MEDIUM |
| The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | |||||