Vulnerabilities > Xpdf

DATE CVE VULNERABILITY TITLE RISK
2005-01-27 CVE-2004-0888 Integer Overflow vulnerability in Xpdf PDFTOPS
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889.
10.0
2005-01-10 CVE-2004-1125 Improper Input Validation vulnerability in multiple products
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded.
9.3
2003-07-24 CVE-2003-0434 Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
network
low complexity
adobe xpdf mandrakesoft redhat
7.5
2003-01-02 CVE-2002-1384 Integer Overflow vulnerability in Xpdf/CUPS pdftops
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
local
low complexity
easy-software-products xpdf
7.2
2000-10-20 CVE-2000-0728 Unspecified vulnerability in Xpdf 0.90
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
local
low complexity
xpdf
7.2
2000-10-20 CVE-2000-0727 Unspecified vulnerability in Xpdf 0.90
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.
network
high complexity
xpdf
7.6