
CVE-2022-43295 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-43295
14 Nov 2022 — XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• https://forum.xpdfreader.com/viewtopic.php?t=42360
• CWE-787: Out-of-bounds Write

CVE-2022-41842 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-41842
30 Sep 2022 — An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• http://www.xpdfreader.com/download.html
• CWE-787: Out-of-bounds Write

CVE-2022-41843 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-41843
30 Sep 2022 — An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• https://forum.xpdfreader.com/viewtopic.php?f=1&t=42344
• CWE-476: NULL Pointer Dereference

CVE-2022-41844 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-41844
30 Sep 2022 — An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions gr...
• http://www.xpdfreader.com/download.html
• CWE-787: Out-of-bounds Write

CVE-2022-38928 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-38928
21 Sep 2022 — XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• https://forum.xpdfreader.com/viewtopic.php?f=3&t=42325&sid=7b08ba9a518a99ce3c5ff40e53fc6421
• CWE-476: NULL Pointer Dereference

CVE-2022-38334 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-38334
15 Sep 2022 — XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• https://forum.xpdfreader.com/viewtopic.php?f=3&t=42122
• CWE-674: Uncontrolled Recursion

CVE-2022-36561 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-36561
30 Aug 2022 — XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• https://forum.xpdfreader.com/viewtopic.php?f=3&t=42308

CVE-2022-38171 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-38171
22 Aug 2022 — Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics). Xpdf versions prior to 4.04 contain an integer overflow in the JBIG2 decoder (the JBIG2Stream::readSymbolDictSeg() function in JBIG2Stream.cc). The proc...
• http://www.openwall.com/lists/oss-security/2022/09/02/11
• CWE-190: Integer Overflow or Wraparound

CVE-2022-38222 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-38222
15 Aug 2022 — There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
• https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320
• CWE-416: Use After Free

CVE-2022-33108 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-33108
28 Jun 2022 — XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.
• https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284
• CWE-787: Out-of-bounds Write