Xpdfreader

Xpdf

82 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2018-18459

  • EPSS 0.22%
  • Veröffentlicht 18.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:58

The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

5.5

CVE-2018-18457

  • EPSS 0.22%
  • Veröffentlicht 18.10.2018 06:29:00
  • Zuletzt bearbeitet 21.11.2024 03:55:58

The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.

5.5

CVE-2018-16369

Exploit
  • EPSS 0.72%
  • Veröffentlicht 03.09.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:37

XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.

5.5

CVE-2018-16368

Exploit
  • EPSS 0.4%
  • Veröffentlicht 03.09.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:52:37

SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.

7.8

CVE-2018-11033

  • EPSS 0.22%
  • Veröffentlicht 14.05.2018 00:29:00
  • Zuletzt bearbeitet 21.11.2024 03:42:31

The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.

5.5

CVE-2018-8103

  • EPSS 0.15%
  • Veröffentlicht 14.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:16

The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

7.8

CVE-2018-8100

  • EPSS 0.22%
  • Veröffentlicht 14.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:15

The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pd...

5.5

CVE-2018-8101

  • EPSS 0.15%
  • Veröffentlicht 14.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:15

The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

5.5

CVE-2018-8102

  • EPSS 0.15%
  • Veröffentlicht 14.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:15

The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.

5.5

CVE-2018-8104

  • EPSS 0.15%
  • Veröffentlicht 14.03.2018 03:29:00
  • Zuletzt bearbeitet 21.11.2024 04:13:16

The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.