Glyph & Cog XpdfReader 4.01.01

CPE Details

2019-09-30
11h23 +00:00
2019-09-30
11h23 +00:00

CPE Name: cpe:2.3:a:glyphandcog:xpdfreader:4.01.01:*:*:*:*:*:*:*

Information

Vendor: glyphandcog
Product: xpdfreader
Version: 4.01.01

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2022-24106 | 2022-08-30 03h05 +00:00 | In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. | 7.8 | High |
| CVE-2022-24107 | 2022-08-30 03h04 +00:00 | Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. | 7.8 | High |
| CVE-2019-16115 | 2019-09-08 19h47 +00:00 | In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. | 7.8 | High |
| CVE-2019-14294 | 2019-07-27 16h40 +00:00 | An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | 5.5 | Medium |
| CVE-2019-14293 | 2019-07-27 16h40 +00:00 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | 5.5 | Medium |
| CVE-2019-14292 | 2019-07-27 16h40 +00:00 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | 5.5 | Medium |
| CVE-2019-14291 | 2019-07-27 16h40 +00:00 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | 5.5 | Medium |
| CVE-2019-14290 | 2019-07-27 16h39 +00:00 | An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | 5.5 | Medium |
| CVE-2019-14289 | 2019-07-27 16h39 +00:00 | An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | 5.5 | Medium |
| CVE-2019-14288 | 2019-07-27 16h39 +00:00 | An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case. | 7.8 | High |
| CVE-2019-13291 | 2019-07-04 19h07 +00:00 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure. | 5.5 | Medium |
| CVE-2019-13289 | 2019-07-04 19h07 +00:00 | In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. | 7.8 | High |
| CVE-2019-13288 | 2019-07-04 19h06 +00:00 | In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646. | 5.5 | Medium |
| CVE-2019-13287 | 2019-07-04 19h06 +00:00 | In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. This is related to CVE-2018-16368. | 5.5 | Medium |
| CVE-2019-13286 | 2019-07-04 19h06 +00:00 | In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure. | 5.5 | Medium |
| CVE-2019-13283 | 2019-07-04 17h48 +00:00 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | 7.8 | High |
| CVE-2019-13282 | 2019-07-04 17h48 +00:00 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | 7.8 | High |
| CVE-2019-13281 | 2019-07-04 17h47 +00:00 | In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. | 7.8 | High |
| CVE-2019-12958 | 2019-06-24 21h27 +00:00 | In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. | 5.5 | Medium |
| CVE-2019-12957 | 2019-06-24 21h27 +00:00 | In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. | 7.8 | High |
| CVE-2019-12515 | 2019-06-01 21h39 +00:00 | There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. | 7.1 | High |
| CVE-2019-12493 | 2019-05-30 23h12 +00:00 | A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. | 7.1 | High |
| CVE-2019-12360 | 2019-05-27 20h01 +00:00 | A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. | 7.1 | High |