Vulnerabilities > Xpdf

DATE CVE VULNERABILITY TITLE RISK
2009-12-21 CVE-2009-4035 Code Injection vulnerability in multiple products
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
network
gnome kde xpdf CWE-94
critical
9.3
2007-11-08 CVE-2007-5393 Buffer Errors vulnerability in Xpdf 3.02P11
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
network
xpdf CWE-119
critical
9.3
2007-11-08 CVE-2007-5392 Buffer Errors vulnerability in Xpdf 3.0.1Pl1
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
network
xpdf CWE-119
critical
9.3
2007-11-08 CVE-2007-4352 Remote Stream.CC vulnerability in Xpdf 3.0.1Pl1
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
network
high complexity
xpdf
7.6
2007-01-09 CVE-2007-0104 Improper Input Validation vulnerability in multiple products
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
network
xpdf kde CWE-20
6.8
2006-03-15 CVE-2006-1244 Multiple Unspecified vulnerability in XPDF
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.
network
high complexity
gnome libextractor xpdf debian
7.6
2006-03-09 CVE-2006-0746 Multiple Unspecified vulnerability in Retired - KPDF
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
network
low complexity
xpdf
7.5
2006-01-30 CVE-2006-0301 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
network
low complexity
xpdf CWE-119
7.5
2005-12-31 CVE-2005-3628 Unspecified vulnerability in Xpdf
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
network
low complexity
xpdf
7.5
2005-12-31 CVE-2005-3627 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
network
low complexity
xpdf CWE-119
7.5