Filtered by vendor Glyphandcog
Filtered by product Xpdfreader
Total: 53 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2010-3704 | 5 Foolabs, Glyphandcog, Kde and 2 more | 5 Xpdf, Xpdfreader, Kdegraphics and 2 more | 2024-08-07 | N/A |
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption. | ||||
CVE-2011-1553 | 4 Foolabs, Glyphandcog, Redhat and 1 more | 4 Xpdf, Xpdfreader, Enterprise Linux and 1 more | 2024-08-06 | N/A |
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. | ||||
CVE-2011-1554 | 4 Foolabs, Glyphandcog, Redhat and 1 more | 4 Xpdf, Xpdfreader, Enterprise Linux and 1 more | 2024-08-06 | N/A |
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764. | ||||
CVE-2011-1552 | 4 Foolabs, Glyphandcog, Redhat and 1 more | 4 Xpdf, Xpdfreader, Enterprise Linux and 1 more | 2024-08-06 | N/A |
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. | ||||
CVE-2011-0764 | 4 Foolabs, Glyphandcog, Redhat and 1 more | 4 Xpdf, Xpdfreader, Enterprise Linux and 1 more | 2024-08-06 | N/A |
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf. | ||||
CVE-2019-17064 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | 5.5 Medium |
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | ||||
CVE-2019-16088 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | ||||
CVE-2019-16115 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | 7.8 High |
In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. | ||||
CVE-2019-15860 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. | ||||
CVE-2019-14293 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | ||||
CVE-2019-14292 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | ||||
CVE-2019-14289 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | ||||
CVE-2019-14294 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | ||||
CVE-2019-14288 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. | ||||
CVE-2019-14290 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | ||||
CVE-2019-14291 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-05 | N/A |
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | ||||
CVE-2019-13287 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-04 | N/A |
In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. | ||||
CVE-2019-13291 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-04 | N/A |
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. | ||||
CVE-2019-13286 | 2 Fedoraproject, Glyphandcog | 2 Fedora, Xpdfreader | 2024-08-04 | 5.5 Medium |
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. | ||||
CVE-2019-13289 | 1 Glyphandcog | 1 Xpdfreader | 2024-08-04 | N/A |
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. |