Vulnerabilities > Xpdfreader

DATE CVE VULNERABILITY TITLE RISK
2018-03-14 CVE-2018-8100 Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.00
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml.
6.8
2018-02-24 CVE-2018-7455 Out-of-bounds Read vulnerability in Xpdfreader Xpdf 4.00
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
4.3
2018-02-24 CVE-2018-7454 NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
4.3
2018-02-24 CVE-2018-7453 Infinite Loop vulnerability in Xpdfreader Xpdf 4.00
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.
4.3
2018-02-24 CVE-2018-7452 NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml.
4.3
2018-02-15 CVE-2018-7175 NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00
An issue was discovered in xpdf 4.00.
4.3
2018-02-15 CVE-2018-7174 Infinite Loop vulnerability in Xpdfreader Xpdf 4.00
An issue was discovered in xpdf 4.00.
4.3
2018-02-15 CVE-2018-7173 Encoding Error vulnerability in Xpdfreader Xpdf 4.00
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.
4.3
2010-11-05 CVE-2010-3702 Null Pointer Dereference vulnerability in multiple products
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
7.5