Vulnerabilities > Xpdfreader > Xpdf > High

DATE CVE VULNERABILITY TITLE RISK
2024-08-15 CVE-2024-7868 Use of Uninitialized Resource vulnerability in Xpdfreader Xpdf
In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder.
network
low complexity
xpdfreader CWE-908
8.2
2023-02-03 CVE-2021-36493 Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.03
Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via crafted command.
network
low complexity
xpdfreader CWE-787
7.5
2022-09-29 CVE-2022-38222 Use After Free vulnerability in Xpdfreader Xpdf 4.04
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04.
local
low complexity
xpdfreader CWE-416
7.8
2022-08-22 CVE-2022-38171 Integer Overflow or Wraparound vulnerability in multiple products
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc).
local
low complexity
xpdfreader freedesktop CWE-190
7.8
2021-08-24 CVE-2021-30860 Integer Overflow or Wraparound vulnerability in multiple products
An integer overflow was addressed with improved input validation.
local
low complexity
apple xpdfreader freedesktop CWE-190
7.8
2020-12-26 CVE-2020-35376 Out-of-bounds Write vulnerability in multiple products
Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function.
network
low complexity
xpdfreader fedoraproject CWE-787
7.5
2010-11-05 CVE-2010-3702 Null Pointer Dereference vulnerability in multiple products
The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.
7.5