Critical

DATE	CVE	VULNERABILITY TITLE	RISK
2009-12-21	CVE-2009-4035	Code Injection vulnerability in multiple products The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. network gnome kde xpdf CWE-94 critical	9.3
2005-01-27	CVE-2004-0888	Integer Overflow vulnerability in Xpdf PDFTOPS Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. network low complexity easy-software-products gnome kde pdftohtml tetex xpdf debian gentoo redhat suse ubuntu critical	10.0
2005-01-27	CVE-2004-0889	Integer Overflow vulnerability in Xpdf PDFTOPS Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. network low complexity easy-software-products gnome kde pdftohtml tetex xpdf debian gentoo redhat suse ubuntu critical	10.0