Vulnerabilities > Xpdfreader > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-25 | CVE-2019-10019 | Divide By Zero vulnerability in Xpdfreader Xpdf 4.01.01 An issue was discovered in Xpdf 4.01.01. | 4.3 |
| 2019-03-25 | CVE-2019-10018 | Divide By Zero vulnerability in multiple products An issue was discovered in Xpdf 4.01.01. | 5.5 |
| 2019-03-21 | CVE-2019-9878 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. | 6.8 |
| 2019-03-21 | CVE-2019-9877 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xpdfreader Xpdf 4.0.1 There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. | 6.8 |
| 2018-10-25 | CVE-2018-18651 | Excessive Iteration vulnerability in Xpdfreader Xpdf 4.00 An issue was discovered in Xpdf 4.00. | 4.3 |
| 2018-10-25 | CVE-2018-18650 | Integer Overflow or Wraparound vulnerability in Xpdfreader Xpdf 4.00 An issue was discovered in Xpdf 4.00. | 4.3 |
| 2018-10-18 | CVE-2018-18459 | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | 4.3 |
| 2018-10-18 | CVE-2018-18458 | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | 4.3 |
| 2018-10-18 | CVE-2018-18457 | NULL Pointer Dereference vulnerability in Xpdfreader Xpdf 4.00 The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. | 4.3 |
| 2018-10-18 | CVE-2018-18456 | Out-of-bounds Read vulnerability in Xpdfreader Xpdf 4.00 The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. | 4.3 |