CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2971 – Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05
https://notcve.org/view.php?id=CVE-2024-2971
26 Mar 2024 — Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by negative object number in indirect reference in the input PDF file. Escritura de matriz fuera de los límites en Xpdf 4.05 y versiones anteriores, provocada por un número de objeto negativo en una referencia indirecta en el archivo PDF de entrada. • https://www.xpdfreader.com/security-bug/CVE-2024-2971.html • CWE-787: Out-of-bounds Write •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-3044 – Divide-by-zero in Xpdf 4.04 due to very large page size
https://notcve.org/view.php?id=CVE-2023-3044
02 Jun 2023 — An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://github.com/baker221/poc-xpdf • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2664 – Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree
https://notcve.org/view.php?id=CVE-2023-2664
11 May 2023 — In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42422 • CWE-674: Uncontrolled Recursion •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2663 – Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree
https://notcve.org/view.php?id=CVE-2023-2663
11 May 2023 — In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42421 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-2662 – Divide-by-zero in Xpdf 4.04 due to bad color space object
https://notcve.org/view.php?id=CVE-2023-2662
11 May 2023 — In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42505 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-38334 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-38334
15 Sep 2022 — XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. Se ha descubierto que XPDF v4.04 y anteriores contienen un desbordamiento de pila a través de la función Catalog::countPageTree() en Catalog.cc Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42122 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 64%CPEs: 15EXPL: 2CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
24 Aug 2021 — An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.4EPSS: 0%CPEs: 4EXPL: 0CVE-2011-2902
https://notcve.org/view.php?id=CVE-2011-2902
30 Jan 2018 — zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-12+squeeze1 as packaged in Debian squeeze deletes temporary files insecurely, which allows remote attackers to delete arbitrary files via a crafted .pdf.gz file name. zxpdf en xpdf, en versiones anteriores a la 3.02-19, tal y como se distribuye en Debian unstable y 3.02-12+squeeze1 tal y como se distribuye en Debian squeeze, elimina archivos temporales de forma no segura. Esto permite que los atacantes remotos eliminen archivos arbitrarios... • http://www.openwall.com/lists/oss-security/2014/02/08/5 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 22%CPEs: 64EXPL: 0CVE-2011-1552 – t1lib: invalid read crash via crafted Type 1 font
https://notcve.org/view.php?id=CVE-2011-1552
31 Mar 2011 — t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764. t1lib v5.1.2 y versiones anteriores, utilizando en Xpdf anterior a v3.02pl6 y otros productos, realiza lecturas desde posiciones de memoria inválidas, permitiendo a atacantes remotos provocar una denegación de servicio (c... • http://rhn.redhat.com/errata/RHSA-2012-1201.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 5%CPEs: 64EXPL: 0CVE-2011-1553 – t1lib: Use-after-free via crafted Type 1 font
https://notcve.org/view.php?id=CVE-2011-1553
31 Mar 2011 — Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764. Vulnerabilidad liberar después de usar (use-after-free) en t1lib v5.1.2 y anteriores, utilizado en Xpdf anterior a v3.02pl6 y otros productos, permite a atacantes remotos provocar una de... • http://rhn.redhat.com/errata/RHSA-2012-1201.html • CWE-399: Resource Management Errors CWE-416: Use After Free •