Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
xpdf vulnerabilities and exploits
(subscribe to this query)
5.5
CVSSv3
CVE-2023-2664
In Xpdf 4.04 (and previous versions), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow.
Xpdfreader Xpdf
3.3
CVSSv3
CVE-2023-3044
An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large ch...
Xpdfreader Xpdf
1 Github repository
5.5
CVSSv3
CVE-2022-38334
XPDF v4.04 and previous versions exists to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
Xpdfreader Xpdf
NA
CVE-2004-1125
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote malicious users to cause a denial of service (application crash) and possibly execute arbitr...
Xpdf Xpdf 3.0
Easy Software Products Cups 1.1.20
Kde Kde 3.2.3
Kde Kde 3.3.2
NA
CVE-2004-0888
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identifi...
Easy Software Products Cups 1.1.10
Easy Software Products Cups 1.1.12
Easy Software Products Cups 1.1.19
Easy Software Products Cups 1.1.19 Rc5
Gnome Gpdf 0.112
Gnome Gpdf 0.131
Kde Koffice 1.3 Beta3
Kde Kpdf 3.2
Pdftohtml Pdftohtml 0.36
Tetex Tetex 1.0.7
Xpdf Xpdf 1.0
Xpdf Xpdf 1.0a
Easy Software Products Cups 1.0.4
Easy Software Products Cups 1.1.15
Easy Software Products Cups 1.1.16
Easy Software Products Cups 1.1.4 2
Easy Software Products Cups 1.1.4 3
Kde Koffice 1.3.2
Kde Koffice 1.3.3
Pdftohtml Pdftohtml 0.33
Pdftohtml Pdftohtml 0.33a
Tetex Tetex 2.0.2
NA
CVE-2004-0889
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
Easy Software Products Cups 1.0.4
Easy Software Products Cups 1.1.12
Easy Software Products Cups 1.1.13
Easy Software Products Cups 1.1.19 Rc5
Easy Software Products Cups 1.1.20
Gnome Gpdf 0.131
Kde Koffice 1.3
Kde Kpdf 3.2
Pdftohtml Pdftohtml 0.32a
Tetex Tetex 1.0.7
Tetex Tetex 2.0
Xpdf Xpdf 1.0a
Xpdf Xpdf 1.1
Easy Software Products Cups 1.1.1
Easy Software Products Cups 1.1.10
Easy Software Products Cups 1.1.18
Easy Software Products Cups 1.1.19
Easy Software Products Cups 1.1.7
Gnome Gpdf 0.112
Kde Koffice 1.3 Beta2
Kde Koffice 1.3 Beta3
Pdftohtml Pdftohtml 0.35
NA
CVE-2010-3704
The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf prior to 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent malicious users to cause a denial of service (crash) and possib...
Poppler Poppler 0.9.0
Poppler Poppler 0.9.1
Poppler Poppler 0.10.4
Poppler Poppler 0.10.5
Poppler Poppler 0.12.0
Poppler Poppler 0.12.1
Poppler Poppler 0.13.3
Poppler Poppler 0.13.4
Poppler Poppler 0.15.1
Poppler Poppler 0.10.0
Poppler Poppler 0.10.1
Poppler Poppler 0.11.0
Poppler Poppler 0.11.1
Poppler Poppler 0.12.4
Poppler Poppler 0.13.0
Poppler Poppler 0.14.3
Poppler Poppler 0.14.4
Poppler Poppler 0.10.2
Poppler Poppler 0.10.3
Poppler Poppler 0.11.2
Poppler Poppler 0.11.3
Poppler Poppler 0.13.1
7.8
CVSSv3
CVE-2020-24999
There is an invalid memory access in the function fprintf located in Error.cc in Xpdf 4.0.2. It can be triggered by sending a crafted PDF file to the pdftohtml binary, which allows a remote malicious user to cause a Denial of Service (Segmentation fault) or possibly have unspecif...
Xpdfreader Xpdf 4.0.2
5.5
CVSSv3
CVE-2018-16369
XRef::fetch in XRef.cc in Xpdf 4.00 allows remote malicious users to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453.
Xpdfreader Xpdf 4.00
5.5
CVSSv3
CVE-2018-8101
The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows malicious users to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml.
Xpdfreader Xpdf 4.00
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4651
CVE-2024-34255
elevation of privilege
CVE-2024-25529
CVE-2024-4671
NULL pointer dereference
CVE-2024-25527
template injection
CVE-2008-0166
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »