Xpdfreader Xpdf 4.01.01

CPE Details

Xpdfreader Xpdf 4.01.01
xpdfreader
xpdf
4.01.01
2019-11-15
16h14 +00:00
2019-11-15
16h14 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:xpdfreader:xpdf:4.01.01:*:*:*:*:*:*:*

Informations

Vendor

xpdfreader

Product

xpdf

Version

4.01.01

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-7868 2024-08-15 20h22 +00:00 In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from an invalid address.
2.1
Bas
CVE-2024-7867 2024-08-15 20h06 +00:00 In Xpdf 4.05 (and earlier), very large coordinates in a page box can cause an integer overflow and divide-by-zero.
2.1
Bas
CVE-2024-7866 2024-08-15 19h50 +00:00 In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource leads to infinite recursion and a stack overflow.
2.1
Bas
CVE-2024-4976 2024-05-15 20h34 +00:00 Out-of-bounds array write in Xpdf 4.05 and earlier, due to missing object type check in AcroForm field reference.
2.1
Bas
CVE-2024-4568 2024-05-06 19h56 +00:00 In Xpdf 4.05 (and earlier), a PDF object loop in the PDF resources leads to infinite recursion and a stack overflow.
5.5
Moyen
CVE-2024-4141 2024-04-24 18h36 +00:00 Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by an invalid character code in a Type 1 font. The root problem was a bounds check that was being optimized away by modern compilers.
5.5
Moyen
CVE-2024-3900 2024-04-17 18h41 +00:00 Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by long Unicode sequence in ActualText.
5.5
Moyen
CVE-2024-3248 2024-04-02 23h04 +00:00 In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads to infinite recursion and a stack overflow.
5.5
Moyen
CVE-2024-3247 2024-04-02 22h57 +00:00 In Xpdf 4.05 (and earlier), a PDF object loop in an object stream leads to infinite recursion and a stack overflow.
5.5
Moyen
CVE-2024-2971 2024-03-26 21h31 +00:00 Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file.
5.5
Moyen
CVE-2023-3044 2023-06-02 22h32 +00:00 An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate.
3.3
Bas
CVE-2023-2664 2023-05-11 20h21 +00:00  In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
5.5
Moyen
CVE-2023-2663 2023-05-11 20h16 +00:00  In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
9.1
Critique
CVE-2023-2662 2023-05-11 20h08 +00:00 In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero.
5.5
Moyen
CVE-2022-38334 2022-09-14 22h00 +00:00 XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
5.5
Moyen
CVE-2021-30860 2021-08-24 18h49 +00:00 An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
7.8
Haute
CVE-2019-10026 2019-03-24 22h12 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.
5.5
Moyen
CVE-2019-10025 2019-03-24 22h12 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.
5.5
Moyen
CVE-2019-10024 2019-03-24 22h11 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.
5.5
Moyen
CVE-2019-10023 2019-03-24 22h11 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.
5.5
Moyen
CVE-2019-10022 2019-03-24 22h11 +00:00 An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.
5.5
Moyen
CVE-2019-10021 2019-03-24 22h11 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.
5.5
Moyen
CVE-2019-10020 2019-03-24 22h10 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.
5.5
Moyen
CVE-2019-10019 2019-03-24 22h10 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.
5.5
Moyen
CVE-2019-10018 2019-03-24 22h10 +00:00 An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.
5.5
Moyen
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.