Xpdfreader

Xpdf

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2019-10025

Exploit
  • EPSS 0.16%
  • Veröffentlicht 25.03.2019 00:29:05
  • Zuletzt bearbeitet 21.11.2024 04:18:14

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

5.5

CVE-2019-10026

Exploit
  • EPSS 0.16%
  • Veröffentlicht 25.03.2019 00:29:05
  • Zuletzt bearbeitet 21.11.2024 04:18:15

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

7.8

CVE-2019-9878

Exploit
  • EPSS 0.23%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:29

There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an...

7.8

CVE-2019-9877

Exploit
  • EPSS 0.22%
  • Veröffentlicht 21.03.2019 16:01:17
  • Zuletzt bearbeitet 21.11.2024 04:52:29

There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Den...

5.5

CVE-2018-18651

Exploit
  • EPSS 0.18%
  • Veröffentlicht 25.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:18

An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number afte...

5.5

CVE-2018-18650

Exploit
  • EPSS 0.18%
  • Veröffentlicht 25.10.2018 13:29:00
  • Zuletzt bearbeitet 21.11.2024 03:56:18

An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attemp...

5.5

CVE-2018-18455

  • EPSS 0.41%
  • Veröffentlicht 18.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:58

The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

5.5

CVE-2018-18454

  • EPSS 0.53%
  • Veröffentlicht 18.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:58

CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

5.5

CVE-2018-18456

  • EPSS 0.53%
  • Veröffentlicht 18.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:58

The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

5.5

CVE-2018-18458

  • EPSS 0.22%
  • Veröffentlicht 18.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:58

The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.