threat
engine
.sh
Back
·
··:··
Home
/
Product
/
xpdfreader xpdf
Product
xpdfreader xpdf
144 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2024-7868
< 4.06
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. T
8.2
HIGH
CVE-2024-7867
<= 4.05
In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
6.2
MEDIUM
CVE-2024-7866
<= 4.05
In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
5.5
MEDIUM
CVE-2024-4976
<= 4.05
Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
5.5
MEDIUM
CVE-2024-4568
<= 4.05
In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
2.9
LOW
CVE-2024-4141
<= 4.05
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was
2.9
LOW
CVE-2024-3900
<= 4.05
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
2.9
LOW
CVE-2024-3248
<= 4.05
In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
2.9
LOW
CVE-2024-3247
<= 4.05
In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
2.9
LOW
CVE-2024-2971
<= 4.05
Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF fil
2.9
LOW
CVE-2022-48545
all versions
An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.
5.5
MEDIUM
CVE-2023-3436
all versions
Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream.
3.3
LOW
CVE-2023-3044
< 4.05
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's
3.3
LOW
CVE-2023-2664
<= 4.04
In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
2.9
LOW
CVE-2023-2663
<= 4.04
In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
2.9
LOW
CVE-2023-2662
<= 4.04
In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
2.9
LOW
CVE-2023-26930
all versions
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pd
5.5
MEDIUM
CVE-2022-45587
all versions
Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service.
5.5
MEDIUM
CVE-2022-45586
all versions
Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of serv
5.5
MEDIUM
CVE-2021-36493
all versions
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
7.5
HIGH
CVE-2022-43071
all versions
A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service
5.5
MEDIUM
CVE-2022-43295
all versions
XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795.
5.5
MEDIUM
CVE-2022-41844
all versions
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnera
5.5
MEDIUM
CVE-2022-41843
all versions
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE
5.5
MEDIUM
CVE-2022-41842
all versions
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
5.5
MEDIUM
CVE-2022-38222
all versions
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a c
7.8
HIGH
CVE-2022-38928
all versions
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
7.8
HIGH
CVE-2022-38334
<= 4.04
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
5.5
MEDIUM
CVE-2022-36561
all versions
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
5.5
MEDIUM
CVE-2022-38171
all versions
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc).
7.8
HIGH
CVE-2022-38238
all versions
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::lookChar() at /xpdf/Stream.cc.
7.8
HIGH
CVE-2022-38237
all versions
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readScan() at /xpdf/Stream.cc.
7.8
HIGH
CVE-2022-38236
all versions
XPDF commit ffaf11c was discovered to contain a global-buffer overflow via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
7.8
HIGH
CVE-2022-38235
all versions
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::getChar() at /xpdf/Stream.cc.
5.5
MEDIUM
CVE-2022-38234
all versions
XPDF commit ffaf11c was discovered to contain a segmentation violation via Lexer::getObj(Object*) at /xpdf/Lexer.cc.
5.5
MEDIUM
CVE-2022-38233
all versions
XPDF commit ffaf11c was discovered to contain a segmentation violation via DCTStream::readMCURow() at /xpdf/Stream.cc.
5.5
MEDIUM
CVE-2022-38231
all versions
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::getChar() at /xpdf/Stream.cc.
7.8
HIGH
CVE-2022-38230
all versions
XPDF commit ffaf11c was discovered to contain a floating point exception (FPE) via DCTStream::decodeImage() at /xpdf/Stream.cc.
5.5
MEDIUM
CVE-2022-38229
all versions
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc.
7.8
HIGH
CVE-2022-38228
all versions
XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc.
7.8
HIGH
CVE-2022-38227
all versions
XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp.
7.8
HIGH
CVE-2022-33108
all versions
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
7.8
HIGH
CVE-2021-27548
all versions
There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03.
5.5
MEDIUM
CVE-2022-30775
all versions
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted P
5.5
MEDIUM
CVE-2022-30524
all versions
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles ch
7.8
HIGH
CVE-2022-27135
all versions
xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a D
5.5
MEDIUM
CVE-2021-30860
< 4.04
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14
7.8
HIGH
CVE-2020-35376
all versions
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiT
7.5
HIGH
CVE-2020-25725
all versions
In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack-cach
5.0
MEDIUM
CVE-2020-24999
all versions
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a craf
7.8
HIGH
CVE-2020-24996
all versions
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be trigger
7.8
HIGH
CVE-2012-2142
all versions
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing
7.8
HIGH
CVE-2010-0207
all versions
In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) i
5.5
MEDIUM
CVE-2010-0206
all versions
xpdf allows remote attackers to cause a denial of service (NULL pointer dereference and crash) in the way it processes JBIG2 PDF s
5.5
MEDIUM
CVE-2019-16927
all versions
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a differen
5.5
MEDIUM
CVE-2019-10026
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll
5.5
MEDIUM
CVE-2019-10025
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
5.5
MEDIUM
CVE-2019-10024
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham param
5.5
MEDIUM
CVE-2019-10023
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod c
5.5
MEDIUM
CVE-2019-10022
all versions
An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
5.5
MEDIUM
CVE-2019-10021
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
5.5
MEDIUM
CVE-2019-10020
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham param
5.5
MEDIUM
CVE-2019-10019
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripe
5.5
MEDIUM
CVE-2019-10018
all versions
An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv
5.5
MEDIUM
CVE-2019-9878
all versions
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as
7.8
HIGH
CVE-2019-9877
all versions
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, whic
7.8
HIGH
CVE-2018-18651
all versions
An issue was discovered in Xpdf 4.00. catalog-getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang ca
5.5
MEDIUM
CVE-2018-18650
all versions
An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Over
5.5
MEDIUM
CVE-2018-18459
all versions
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dere
5.5
MEDIUM
CVE-2018-18458
all versions
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer d
5.5
MEDIUM
CVE-2018-18457
all versions
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dere
5.5
MEDIUM
CVE-2018-18456
all versions
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denia
5.5
MEDIUM
CVE-2018-18455
all versions
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer ove
5.5
MEDIUM
CVE-2018-18454
all versions
CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-r
5.5
MEDIUM
CVE-2018-16369
all versions
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf fil
5.5
MEDIUM
CVE-2018-16368
all versions
SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based b
5.5
MEDIUM
CVE-2018-11033
all versions
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial
7.8
HIGH
CVE-2018-8107
all versions
The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-re
5.5
MEDIUM
CVE-2018-8106
all versions
The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buf
5.5
MEDIUM
CVE-2018-8105
all versions
The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer o
5.5
MEDIUM
CVE-2018-8104
all versions
The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-re
5.5
MEDIUM
CVE-2018-8103
all versions
The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-base
5.5
MEDIUM
CVE-2018-8102
all versions
The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer ove
5.5
MEDIUM
CVE-2018-8101
all versions
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-base
5.5
MEDIUM
CVE-2018-8100
all versions
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer
7.8
HIGH
CVE-2018-7455
all versions
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a s
5.5
MEDIUM
CVE-2018-7454
all versions
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a sp
5.5
MEDIUM
CVE-2018-7453
all versions
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific
5.5
MEDIUM
CVE-2018-7452
all versions
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via
5.5
MEDIUM
CVE-2018-7175
all versions
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service v
5.5
MEDIUM
CVE-2018-7174
all versions
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop de
5.5
MEDIUM
CVE-2018-7173
all versions
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due
5.5
MEDIUM
CVE-2011-2902
< 3.02-19
zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary f
5.3
MEDIUM
CVE-2011-1554
all versions
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to
CVE-2011-1553
all versions
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote
CVE-2011-1552
all versions
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which all
CVE-2011-0764
all versions
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a
CVE-2010-3704
all versions
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other vers
CVE-2010-3702
<= 3.01
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, k
CVE-2009-4035
all versions
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other librar
CVE-2009-3609
all versions
Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used i
CVE-2009-3608
all versions
Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as us
CVE-2009-3606
all versions
Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, m
CVE-2009-3604
all versions
The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics K
CVE-2009-3603
all versions
Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remot
CVE-2009-0165
all versions
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X
CVE-2009-1183
all versions
The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote
CVE-2009-1182
all versions
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and
CVE-2009-1181
all versions
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att
CVE-2009-1180
all versions
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att
CVE-2009-1179
all versions
Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other produc
CVE-2009-0800
all versions
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6,
CVE-2009-0799
all versions
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote att
CVE-2009-0195
all versions
Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execut
CVE-2009-0166
all versions
The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denia
CVE-2009-0147
all versions
Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remo
CVE-2009-0146
all versions
Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remot
CVE-2009-1144
all versions
Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Troja
CVE-2007-5393
all versions
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to exe
CVE-2007-5392
all versions
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary cod
CVE-2007-4352
all versions
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, K
CVE-2007-3387
all versions
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf bef
CVE-2007-0104
all versions
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4,
CVE-2006-1244
all versions
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b)
CVE-2006-0746
all versions
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows conte
CVE-2006-0301
all versions
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdf
CVE-2005-3628
all versions
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftoh
CVE-2005-3627
all versions
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attac
CVE-2005-3626
all versions
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause
CVE-2005-3625
all versions
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause
CVE-2005-3624
all versions
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and
CVE-2005-3192
all versions
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) K
CVE-2005-3191
all versions
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the
CVE-2005-3193
all versions
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 an
CVE-2005-2097
all versions
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk
CVE-2005-0064
all versions
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute a
CVE-2005-0206
all versions
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certa
CVE-2004-0889
all versions
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a deni
CVE-2004-0888
all versions
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow r
CVE-2004-1125
all versions
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpd
CVE-2003-0434
all versions
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via sh
CVE-2002-1384
all versions
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbit
CVE-2000-0728
all versions
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-0727
all versions
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to ex
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin