Vulnerabilities (CVE)

Filtered by vendor Glyphandcog Subscribe
Total 54 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-24106 1 Glyphandcog 1 Xpdfreader 2024-02-04 N/A 7.8 HIGH
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
CVE-2022-24107 1 Glyphandcog 1 Xpdfreader 2024-02-04 N/A 7.8 HIGH
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
CVE-2019-16927 1 Glyphandcog 1 Xpdf 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
CVE-2019-17064 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
CVE-2019-13288 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
CVE-2019-16088 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
CVE-2019-12360 1 Glyphandcog 1 Xpdfreader 2024-02-04 5.8 MEDIUM 7.1 HIGH
A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.
CVE-2019-9587 1 Glyphandcog 1 Xpdfreader 2024-02-04 6.8 MEDIUM 7.8 HIGH
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
CVE-2019-13281 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2024-02-04 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
CVE-2019-13289 1 Glyphandcog 1 Xpdfreader 2024-02-04 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
CVE-2019-16115 1 Glyphandcog 1 Xpdfreader 2024-02-04 6.8 MEDIUM 7.8 HIGH
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact.
CVE-2019-12515 1 Glyphandcog 1 Xpdfreader 2024-02-04 5.8 MEDIUM 7.1 HIGH
There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service.
CVE-2019-14291 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.
CVE-2019-14292 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.
CVE-2019-14293 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.
CVE-2019-13291 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.
CVE-2019-13286 2 Fedoraproject, Glyphandcog 2 Fedora, Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure.
CVE-2019-13287 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368.
CVE-2019-12493 1 Glyphandcog 1 Xpdfreader 2024-02-04 5.8 MEDIUM 7.1 HIGH
A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.
CVE-2019-14289 1 Glyphandcog 1 Xpdfreader 2024-02-04 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.