
CVE-2019-13282
https://notcve.org/view.php?id=CVE-2019-13282
04 Jul 2019 — In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41842 • CWE-125: Out-of-bounds Read

CVE-2019-13281
https://notcve.org/view.php?id=CVE-2019-13281
04 Jul 2019 — In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41841 • CWE-787: Out-of-bounds Write

CVE-2019-12958
https://notcve.org/view.php?id=CVE-2019-12958
24 Jun 2019 — In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one element allocated. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41815 • CWE-125: Out-of-bounds Read

CVE-2019-12957
https://notcve.org/view.php?id=CVE-2019-12957
24 Jun 2019 — In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It allows an attacker to use a crafted pdf file to cause Denial of Service or an information leak, or possibly have unspecified other impact. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41813 • CWE-125: Out-of-bounds Read • CWE-129: Improper Validation of Array Index

CVE-2019-12515
https://notcve.org/view.php?id=CVE-2019-12515
01 Jun 2019 — There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an attacker to cause Information Disclosure or a denial of service. • https://github.com/PanguL4b/pocs/tree/master/xpdf/out-of-bounds-read-in-FlateStream__getChar • CWE-125: Out-of-bounds Read

CVE-2019-12493
https://notcve.org/view.php?id=CVE-2019-12493
31 May 2019 — A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41806 • CWE-125: Out-of-bounds Read

CVE-2019-12360
https://notcve.org/view.php?id=CVE-2019-12360
27 May 2019 — A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41801 • CWE-125: Out-of-bounds Read

CVE-2019-9587
https://notcve.org/view.php?id=CVE-2019-9587
06 Mar 2019 — There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263 • CWE-400: Uncontrolled Resource Consumption

CVE-2019-9588
https://notcve.org/view.php?id=CVE-2019-9588
06 Mar 2019 — There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE-2019-9589
https://notcve.org/view.php?id=CVE-2019-9589
06 Mar 2019 — There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262 • CWE-476: NULL Pointer Dereference