Glyphandcog

Xpdfreader

53 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-14291

Exploit
  • EPSS 0.17%
  • Published 27.07.2019 19:15:11
  • Last modified 21.11.2024 04:26:23

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.

5.5

CVE-2019-14292

Exploit
  • EPSS 0.17%
  • Published 27.07.2019 19:15:11
  • Last modified 21.11.2024 04:26:23

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.

5.5

CVE-2019-14293

Exploit
  • EPSS 0.17%
  • Published 27.07.2019 19:15:11
  • Last modified 21.11.2024 04:26:23

An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.

5.5

CVE-2019-14294

Exploit
  • EPSS 0.19%
  • Published 27.07.2019 19:15:11
  • Last modified 21.11.2024 04:26:23

An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.

5.5

CVE-2019-13291

Exploit
  • EPSS 0.25%
  • Published 04.07.2019 22:15:10
  • Last modified 21.11.2024 04:24:38

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Informati...

7.8

CVE-2019-13289

Exploit
  • EPSS 0.29%
  • Published 04.07.2019 22:15:10
  • Last modified 21.11.2024 04:24:38

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

5.5

CVE-2019-13288

Exploit
  • EPSS 31.54%
  • Published 04.07.2019 22:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

5.5

CVE-2019-13287

Exploit
  • EPSS 0.2%
  • Published 04.07.2019 22:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an at...

5.5

CVE-2019-13286

Exploit
  • EPSS 0.32%
  • Published 04.07.2019 22:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker t...

7.8

CVE-2019-13283

Exploit
  • EPSS 0.29%
  • Published 04.07.2019 20:15:10
  • Last modified 21.11.2024 04:24:37

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be trigger...