Filtered by vendor Xpdfreader
Subscriptions
Filtered by product Xpdf
Subscriptions
Total
75 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-3436 | 1 Xpdfreader | 1 Xpdf | 2024-11-07 | 3.3 Low |
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. | ||||
CVE-2022-48545 | 1 Xpdfreader | 1 Xpdf | 2024-10-03 | 5.5 Medium |
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. | ||||
CVE-2018-8107 | 1 Xpdfreader | 1 Xpdf | 2024-09-17 | N/A |
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-18650 | 1 Xpdfreader | 1 Xpdf | 2024-09-17 | N/A |
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. | ||||
CVE-2018-8106 | 1 Xpdfreader | 1 Xpdf | 2024-09-17 | N/A |
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-8103 | 1 Xpdfreader | 1 Xpdf | 2024-09-17 | N/A |
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-7174 | 1 Xpdfreader | 1 Xpdf | 2024-09-17 | N/A |
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. | ||||
CVE-2018-8105 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-18651 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. | ||||
CVE-2018-7175 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. | ||||
CVE-2018-11033 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. | ||||
CVE-2018-8104 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2022-38171 | 2 Freedesktop, Xpdfreader | 2 Poppler, Xpdf | 2024-09-16 | 7.8 High |
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). | ||||
CVE-2018-8100 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-8101 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-8102 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. | ||||
CVE-2018-7173 | 1 Xpdfreader | 1 Xpdf | 2024-09-16 | N/A |
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. | ||||
CVE-2024-7868 | 1 Xpdfreader | 1 Xpdf | 2024-09-11 | 8.2 High |
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address. | ||||
CVE-2024-7867 | 1 Xpdfreader | 1 Xpdf | 2024-08-28 | 6.2 Medium |
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero. | ||||
CVE-2024-7866 | 1 Xpdfreader | 1 Xpdf | 2024-08-20 | 5.5 Medium |
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow. |