Glyph & Cog XpdfReader 4.01

CPE Details

Glyph & Cog XpdfReader 4.01
glyphandcog
xpdfreader
4.01
2019-03-06
15h33 +00:00
2019-03-06
15h33 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:glyphandcog:xpdfreader:4.01:*:*:*:*:*:*:*

Informations

Vendor

glyphandcog

Product

xpdfreader

Version

4.01

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2022-24106 2022-08-30 03h05 +00:00 In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
7.8
High
CVE-2022-24107 2022-08-30 03h04 +00:00 Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
7.8
High
CVE-2019-9587 2019-03-06 07h00 +00:00 There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree.
7.8
High
CVE-2019-9588 2019-03-06 07h00 +00:00 There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
7.8
High
CVE-2019-9589 2019-03-06 07h00 +00:00 There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
7.8
High
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.