Skip to main content

Xpdfreader

29 CVEs product

Monthly

CVE-2022-24107 HIGH This Week

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-24106 HIGH This Week

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2019-17064 MEDIUM POC This Month

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD
CVSS 3.1
5.5
EPSS
1.4%
CVE-2019-16115 HIGH POC This Week

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-16088 MEDIUM POC This Month

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-15860 MEDIUM POC This Month

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-14294 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-14293 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-14292 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.1%
CVE-2019-14291 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
0.9%
CVE-2019-14290 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-14289 MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.0%
CVE-2019-14288 HIGH POC This Week

An issue was discovered in Xpdf 4.01.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD GitHub
CVSS 3.0
7.8
EPSS
1.0%
CVE-2019-13291 MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
5.5
EPSS
1.1%
CVE-2019-13289 HIGH POC This Week

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption Xpdfreader
NVD GitHub
CVSS 3.0
7.8
EPSS
1.1%
CVE-2019-13288 MEDIUM POC This Month

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
4.6%
CVE-2019-13287 MEDIUM POC This Month

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-13286 MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD GitHub
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-13283 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-13282 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2019-13281 HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-12958 MEDIUM POC This Month

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
5.5
EPSS
1.2%
CVE-2019-12957 HIGH POC This Week

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader Fedora
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2019-12515 HIGH POC This Week

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
CVSS 3.0
7.1
EPSS
1.3%
CVE-2019-12493 HIGH POC This Week

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
7.1
EPSS
1.3%
CVE-2019-12360 HIGH This Week

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure Xpdfreader
NVD
CVSS 3.0
7.1
EPSS
1.1%
CVE-2019-9589 HIGH POC This Week

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9588 HIGH POC This Week

There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Xpdfreader
NVD
CVSS 3.0
7.8
EPSS
1.2%
CVE-2019-9587 HIGH POC This Week

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdfreader
NVD
CVSS 3.0
7.8
EPSS
1.2%
EPSS 0% CVSS 7.8
HIGH This Week

Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD
EPSS 0% CVSS 7.8
HIGH This Week

In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Information Disclosure Xpdfreader
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

An issue was discovered in Xpdf 4.01.01. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

An issue was discovered in Xpdf 4.01.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Use After Free Information Disclosure Memory Corruption +1
NVD GitHub
EPSS 5% CVSS 5.5
MEDIUM POC This Month

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader +1
NVD GitHub
EPSS 1% CVSS 7.8
HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Memory Corruption +2
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Information Disclosure Xpdfreader
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +2
NVD
EPSS 1% CVSS 7.1
HIGH POC This Week

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 7.1
HIGH POC This Week

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.1
HIGH This Week

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. Rated high severity (CVSS 7.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Information Disclosure +1
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Xpdfreader
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Xpdfreader
NVD
EPSS 1% CVSS 7.8
HIGH POC This Week

There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Xpdfreader
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy