Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xpdfreader xpdf vulnerabilities and exploits
(subscribe to this query)
3.3
CVSSv3
CVE-2023-3044
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large ch...
Xpdfreader Xpdf
1 Github repository
5.5
CVSSv3
CVE-2023-2662
In Xpdf 4.04 (and previous versions), a bad color space object in the input PDF file can cause a divide-by-zero.
Xpdfreader Xpdf
5.5
CVSSv3
CVE-2023-2663
In Xpdf 4.04 (and previous versions), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow.
Xpdfreader Xpdf
5.5
CVSSv3
CVE-2023-2664
In Xpdf 4.04 (and previous versions), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
Xpdfreader Xpdf
5.5
CVSSv3
CVE-2022-38334
XPDF v4.04 and previous versions exists to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
Xpdfreader Xpdf
5.5
CVSSv3
CVE-2018-18455
The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote malicious users to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Xpdfreader Xpdf 4.00
5.5
CVSSv3
CVE-2018-18456
The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote malicious users to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm.
Xpdfreader Xpdf 4.00
5.5
CVSSv3
CVE-2018-18457
The function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
Xpdfreader Xpdf 4.00
5.5
CVSSv3
CVE-2018-18458
The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
Xpdfreader Xpdf 4.00
5.5
CVSSv3
CVE-2018-18459
The function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remote malicious users to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm.
Xpdfreader Xpdf 4.00
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »