CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38228
https://notcve.org/view.php?id=CVE-2022-38228
16 Aug 2022 — XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::transformDataUnit at /xpdf/Stream.cc. Se ha detectado que el commit ffaf11c de XPDF contenía un desbordamiento del búfer de la pila por medio de la función DCTStream::transformDataUnit en el archivo /xpdf/Stream.cc. • https://github.com/jhcloos/xpdf/issues/7 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38229
https://notcve.org/view.php?id=CVE-2022-38229
16 Aug 2022 — XPDF commit ffaf11c was discovered to contain a heap-buffer overflow via DCTStream::readHuffSym(DCTHuffTable*) at /xpdf/Stream.cc. Se ha detectado que el commit ffaf11c de XPDF contenía un desbordamiento del búfer de la pila por medio de la función DCTStream::readHuffSym(DCTHuffTable*) en el archivo /xpdf/Stream.cc. • https://github.com/jhcloos/xpdf/issues/3 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38227
https://notcve.org/view.php?id=CVE-2022-38227
16 Aug 2022 — XPDF commit ffaf11c was discovered to contain a stack overflow via __asan_memcpy at asan_interceptors_memintrinsics.cpp. Se ha detectado que el commit ffaf11c de XPDF contenía un desbordamiento de pila por medio de la función __asan_memcpy en el archivo asan_interceptors_memintrinsics.cpp. • https://github.com/jhcloos/xpdf/issues/4 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 2%CPEs: 4EXPL: 0CVE-2009-4035 – xpdf: buffer overflow in FoFiType1::parse
https://notcve.org/view.php?id=CVE-2009-4035
21 Dec 2009 — The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. La función FoFiType1::parse en fofi/FoFiType1.cc en Xpdf v3.0.0, en gpdf v2.8.2... • http://cgit.freedesktop.org/poppler/poppler/diff/fofi/FoFiType1.cc?id=4b4fc5c0 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.3EPSS: 4%CPEs: 1EXPL: 0CVE-2007-5392 – DCTStream:: reset()
https://notcve.org/view.php?id=CVE-2007-5392
08 Nov 2007 — Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. Un desbordamiento de enteros en el método DCTStream::reset en el archivo xpdf/Stream.cc en Xpdf versión 3.02p11, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF diseñado, resultando en un desbordamiento de búfer en la región heap de la memoria. • http://secunia.com/advisories/26503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 9%CPEs: 1EXPL: 0CVE-2007-5393 – CCITTFaxStream:: lookChar()
https://notcve.org/view.php?id=CVE-2007-5393
08 Nov 2007 — Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. Un desbordamiento de búfer en la región heap de la memoria en el método CCITTFaxStream::lookChar en el archivo xpdf/Stream.cc en Xpdf versión 3.02p11, permite a atacantes remotos ejecutar código arbitrario por medio de un archivo PDF que contiene un filtro CCITTFaxDecode diseñado. • http://secunia.com/advisories/26503 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 21%CPEs: 1EXPL: 0CVE-2007-4352 – DCTStream:: readProgressiveDataUnit()
https://notcve.org/view.php?id=CVE-2007-4352
08 Nov 2007 — Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. Un error de índice de matriz en el método DCTStream::readProgressiveDataUnit en el archivo xpdf/Stream.cc en Xpdf versión 3.02pl1, tal y como es usado en poppler, teTeX, KDE, KOffice, CUPS y otros productos, permite a atacantes remotos des... • http://secunia.com/advisories/26503 •
CVSS: 7.8EPSS: 17%CPEs: 17EXPL: 1CVE-2007-0104
https://notcve.org/view.php?id=CVE-2007-0104
09 Jan 2007 — The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. La especificación de Adobe PDF versión 1.3, implementada por (a) xpdf versión 3... • http://docs.info.apple.com/article.html?artnum=305214 • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 2%CPEs: 39EXPL: 0CVE-2006-1244
https://notcve.org/view.php?id=CVE-2006-1244
15 Mar 2006 — Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE... • http://secunia.com/advisories/18948 •
CVSS: 9.1EPSS: 4%CPEs: 1EXPL: 0CVE-2006-0746
https://notcve.org/view.php?id=CVE-2006-0746
09 Mar 2006 — Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627. • http://secunia.com/advisories/19189 •