Vulnerabilities > Xpdfreader > Xpdf > High

DATE CVE VULNERABILITY TITLE RISK
2020-09-03 CVE-2020-24996 Improper Initialization vulnerability in Xpdfreader Xpdf 4.0.2
There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2.
local
low complexity
xpdfreader CWE-665
7.8
2020-01-09 CVE-2012-2142
The error function in Error.cc in poppler before 0.21.4 allows remote attackers to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
local
low complexity
freedesktop xpdfreader redhat opensuse
7.8
2019-03-21 CVE-2019-9878 Out-of-bounds Read vulnerability in multiple products
There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2.
local
low complexity
pdfalto-project xpdfreader CWE-125
7.8
2019-03-21 CVE-2019-9877 Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.0.1
There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted PDF file to the pdftops binary.
local
low complexity
xpdfreader CWE-787
7.8
2018-05-14 CVE-2018-11033 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xpdfreader Xpdf 4.00
The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data.
local
low complexity
xpdfreader CWE-119
7.8
2018-03-14 CVE-2018-8100 Out-of-bounds Write vulnerability in Xpdfreader Xpdf 4.00
The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific PDF file, as demonstrated by pdftohtml.
local
low complexity
xpdfreader CWE-787
7.8