Xpdfreader

Xpdf

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.8

CVE-2022-33108

Exploit
  • EPSS 0.2%
  • Veröffentlicht 28.06.2022 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:07:33

XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.

5.5

CVE-2021-27548

Exploit
  • EPSS 0.2%
  • Veröffentlicht 18.05.2022 15:15:08
  • Zuletzt bearbeitet 21.11.2024 05:58:10

There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.

5.5

CVE-2022-30775

Exploit
  • EPSS 0.22%
  • Veröffentlicht 16.05.2022 03:15:07
  • Zuletzt bearbeitet 21.11.2024 07:03:21

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.

7.8

CVE-2022-30524

Exploit
  • EPSS 1.64%
  • Veröffentlicht 09.05.2022 18:15:09
  • Zuletzt bearbeitet 21.11.2024 07:02:52

There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary...

5.5

CVE-2022-27135

Exploit
  • EPSS 0.21%
  • Veröffentlicht 25.04.2022 13:15:49
  • Zuletzt bearbeitet 21.11.2024 06:55:13

xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary.

7.8

CVE-2021-30860

Warnung
  • EPSS 72.86%
  • Veröffentlicht 24.08.2021 19:15:14
  • Zuletzt bearbeitet 27.10.2025 17:38:22

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code e...

7.5

CVE-2020-35376

Exploit
  • EPSS 0.45%
  • Veröffentlicht 26.12.2020 04:15:12
  • Zuletzt bearbeitet 21.11.2024 05:27:14

Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.

5.5

CVE-2020-25725

Exploit
  • EPSS 0.18%
  • Veröffentlicht 21.11.2020 06:15:12
  • Zuletzt bearbeitet 21.11.2024 05:18:35

In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't corr...

7.8

CVE-2020-24999

Exploit
  • EPSS 0.26%
  • Veröffentlicht 03.09.2020 23:15:09
  • Zuletzt bearbeitet 21.11.2024 05:16:25

There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) o...

7.8

CVE-2020-24996

Exploit
  • EPSS 0.24%
  • Veröffentlicht 03.09.2020 23:15:09
  • Zuletzt bearbeitet 21.11.2024 05:16:25

There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial...