Vulnerabilities > Xpdf
|2009-12-21||CVE-2009-4035|| Code Injection vulnerability in multiple products |
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
| 9.3 |
|2007-11-08||CVE-2007-4352|| Remote Stream.CC vulnerability in Xpdf 3.0.1Pl1 |
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
| 7.6 |
|2007-11-08||CVE-2007-5392|| Buffer Errors vulnerability in Xpdf 3.0.1Pl1 |
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
| 9.3 |
|2007-11-08||CVE-2007-5393|| Buffer Errors vulnerability in Xpdf 3.02P11 |
Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter.
| 9.3 |
|2007-01-09||CVE-2007-0104|| Improper Input Validation vulnerability in multiple products |
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node.
| 6.8 |
|2006-03-15||CVE-2006-1244|| Multiple Unspecified vulnerability in XPDF |
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc.
| 7.6 |
|2006-03-09||CVE-2006-0746|| Multiple Unspecified vulnerability in Retired - KPDF |
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
| 7.5 |
|2006-01-30||CVE-2006-0301|| Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf |
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
| 7.5 |
|2005-12-31||CVE-2005-3624|| Numeric Errors vulnerability in multiple products |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
| 5.0 |
|2005-12-31||CVE-2005-3625|| Resource Management Errors vulnerability in multiple products |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
| 10.0 |