Vulnerabilities > Xpdfreader > Xpdf > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-15 | CVE-2024-7868 | Use of Uninitialized Resource vulnerability in Xpdfreader Xpdf. In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. | 8.2 |
2023-02-03 | CVE-2021-36493 | Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.03. Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command. | 7.5 |
2022-09-29 | CVE-2022-38222 | Use After Free vulnerability in Xpdfreader Xpdf 4.04. There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. | 7.8 |
2022-08-22 | CVE-2022-38171 | Integer Overflow or Wraparound vulnerability in multiple products. Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). | 7.8 |
2021-08-24 | CVE-2021-30860 | Integer Overflow or Wraparound vulnerability in multiple products. An integer overflow was addressed with improved input validation. | 7.8 |
2020-12-26 | CVE-2020-35376 | Out-of-bounds Write vulnerability in multiple products. Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. | 7.5 |
2010-11-05 | CVE-2010-3702 | Null Pointer Dereference vulnerability in multiple products. The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference. (network, low complexity; CWE-476) | 7.5 |