Affected Products

Vendor / product matrix with CVE counts sourced from the CPE catalog.

Export CSV

Products

1 vendor
VendorProductsCVEsKEVAvg EPSSWorst Severity
xpdfreader
165117.1%HIGH

Related CVEs

65
CVE IDDescriptionSeverityCVSSKEVEPSSPublished
CVE-2024-7868In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.LOW2.131.0%Aug 15, 2024
CVE-2024-7867In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.LOW2.111.5%Aug 15, 2024
CVE-2024-7866In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.LOW2.112.1%Aug 15, 2024
CVE-2024-4976Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.LOW2.16.1%May 15, 2024
CVE-2024-4568In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.MEDIUM5.512.3%May 6, 2024
CVE-2024-4141Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers. MEDIUM5.57.8%Apr 24, 2024
CVE-2024-3900Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText. MEDIUM5.57.5%Apr 17, 2024
CVE-2024-3248In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow. MEDIUM5.521.0%Apr 2, 2024
CVE-2024-3247In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow. MEDIUM5.520.8%Apr 2, 2024
CVE-2024-2971Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. MEDIUM5.57.5%Mar 26, 2024
CVE-2022-48545An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.MEDIUM5.513.9%Aug 22, 2023
CVE-2023-3436Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. LOW3.3Jun 27, 2023
CVE-2023-3044An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. LOW3.3Jun 2, 2023
CVE-2023-2664 In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. MEDIUM5.522.1%May 11, 2023
CVE-2023-2663 In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. MEDIUM5.537.9%May 11, 2023
CVE-2023-2662In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. MEDIUM5.519.6%May 11, 2023
CVE-2023-26930Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”MEDIUM5.525.4%Apr 26, 2023
CVE-2022-45587Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.MEDIUM5.5Feb 15, 2023
CVE-2022-45586Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service.MEDIUM5.5Feb 15, 2023
CVE-2021-36493Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.HIGH7.5Feb 3, 2023