Products

1 vendor
| Vendor | Products | CVEs | KEV | Avg EPSS | Worst Severity |
| --- | --- | --- | --- | --- | --- |
|  | 2 | 55 | 0 | 85.6% | HIGH |

Related CVEs

55
| CVE ID | Description | Severity | CVSS | KEV | EPSS | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2021-40226 | xpdfreader 4.03 is vulnerable to Buffer Overflow. | HIGH | 7.5 |  |  | Nov 10, 2022 |
| CVE-2022-24107 | Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. | HIGH | 7.8 |  |  | Aug 30, 2022 |
| CVE-2022-24106 | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. | HIGH | 7.8 |  |  | Aug 30, 2022 |
| CVE-2019-17064 | Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | MEDIUM | 5.5 |  | 69.4% | Oct 1, 2019 |
| CVE-2019-16927 | Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | MEDIUM | 5.5 |  | 53.8% | Sep 27, 2019 |
| CVE-2019-16115 | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. | HIGH | 7.8 |  | 61.7% | Sep 8, 2019 |
| CVE-2019-16088 | Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | NONE |  |  | 55.1% | Sep 6, 2019 |
| CVE-2019-15860 | Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. | NONE |  |  | 54.4% | Sep 3, 2019 |
| CVE-2019-14294 | An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | NONE |  |  | 56.9% | Jul 27, 2019 |
| CVE-2019-14293 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | NONE |  |  | 56.7% | Jul 27, 2019 |
| CVE-2019-14292 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | NONE |  |  | 61.1% | Jul 27, 2019 |
| CVE-2019-14291 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | NONE |  |  | 56.7% | Jul 27, 2019 |
| CVE-2019-14290 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | NONE |  |  | 56.9% | Jul 27, 2019 |
| CVE-2019-14289 | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | NONE |  |  | 57.0% | Jul 27, 2019 |
| CVE-2019-14288 | An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. | NONE |  |  | 59.6% | Jul 27, 2019 |
| CVE-2019-13291 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. | NONE |  |  | 61.5% | Jul 4, 2019 |
| CVE-2019-13289 | In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. | NONE |  |  | 62.3% | Jul 4, 2019 |
| CVE-2019-13288 | In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. | NONE |  |  | 90.4% | Jul 4, 2019 |
| CVE-2019-13287 | In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. | NONE |  |  | 63.9% | Jul 4, 2019 |
| CVE-2019-13286 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. | MEDIUM | 5.5 |  | 62.6% | Jul 4, 2019 |