Vulnerabilities > Xpdf
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-01-27 | CVE-2004-0888 | Integer Overflow vulnerability in Xpdf PDFTOPS Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. | 10.0 |
| 2005-01-10 | CVE-2004-1125 | Improper Input Validation vulnerability in multiple products Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. | 9.3 |
| 2003-07-24 | CVE-2003-0434 | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. | 7.5 |
| 2003-01-02 | CVE-2002-1384 | Integer Overflow vulnerability in Xpdf/CUPS pdftops Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf. | 7.2 |
| 2000-10-20 | CVE-2000-0728 | Unspecified vulnerability in Xpdf 0.90 xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack. | 7.2 |
| 2000-10-20 | CVE-2000-0727 | Unspecified vulnerability in Xpdf 0.90 xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters. | 7.6 |