CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-38222 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-38222
15 Aug 2022 — There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. Se presenta un problema de uso de memoria previamente liberada en la función JBIG2Stream::close() ubicado en el archivo JBIG2Stream.cc en Xpdf 4.04. Puede desencadenarse mediante el envío de un archivo PDF diseñado a (por ejemplo) el b... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42320 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 3CVE-2022-33108 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-33108
28 Jun 2022 — XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. Se ha detectado que XPDF versión v4.04, contiene una vulnerabilidad de desbordamiento de pila por medio de la clase Object::Copy de los archivos object.cc Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42284 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-27548 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2021-27548
18 May 2022 — There is a Null Pointer Dereference vulnerability in the XFAScanner::scanNode() function in XFAScanner.cc in xpdf 4.03. Se presenta una vulnerabilidad de desreferencia de puntero Null en la función XFAScanner::scanNode() en el archivo XFAScanner.cc en xpdf versión 4.03 Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. Versions greater than or equal to 4.04 are affected. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42115 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2022-30775 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-30775
16 May 2022 — xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. xpdf versión 4.04, asigna un exceso de memoria cuando le es presentada una entrada diseñada. Esto puede ser desencadenado (por ejemplo) mediante el envío de un documento PDF diseñado al binario pdftoppm. Es más fácil de reproducir con la opción DCMAKE_CXX_COMPILE... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42264 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2022-30524 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-30524
09 May 2022 — There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se presenta un acceso no válido a la memoria en la clase TextLine en el archivo TextOutputDev.cc en Xpdf versión 4.0.4, porque el extrac... • https://github.com/rishvic/xpdf-docker • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2022-27135 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2022-27135
25 Apr 2022 — xpdf 4.03 has heap buffer overflow in the function readXRefTable located in XRef.cc. An attacker can exploit this bug to cause a Denial of Service (Segmentation fault) or other unspecified effects by sending a crafted PDF file to the pdftoppm binary. xpdf versión 4.03, presenta un desbordamiento del búfer de la pila en la función readXRefTable ubicada en el archivo XRef.cc. Un atacante puede explotar este bug para causar una denegación de servicio (fallo de segmentación) u otros efectos no especificados med... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42232 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 2CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
24 Aug 2021 — An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 1CVE-2020-35376 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2020-35376
26 Dec 2020 — Xpdf 4.02 allows stack consumption because of an incorrect subroutine reference in a Type 1C font charstring, related to the FoFiType1C::getOp() function. Xpdf versión 4.02 permite un consumo de la pila debido a una referencia de subrutina incorrecta en una cadena de caracteres fuente Tipo 1C, relacionada con la función FoFiType1C::getOp() Multiple vulnerabilities have been discovered in Xpdf, the worst of which could possibly lead to arbitrary code execution. Versions greater than or equal to 4.04 are affe... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42066 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 2CVE-2020-25725 – Gentoo Linux Security Advisory 202405-18
https://notcve.org/view.php?id=CVE-2020-25725
21 Nov 2020 — In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a previous fix for nested Type 3 characters wasn't correctly handling the case where a Type 3 char referred to another char in the same Type 3 font. En Xpdf versión 4.02, la función SplashOutputDev::endType3Char(GfxState *state) en el archivo SplashOutputDev.cc:3079, está tratando de usar "t3GlyphStack-)cache", el l... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25725 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-24996
https://notcve.org/view.php?id=CVE-2020-24996
03 Sep 2020 — There is an invalid memory access in the function TextString::~TextString() located in Catalog.cc in Xpdf 4.0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. Se presenta un acceso a la memoria no válido en la función TextString::~TextString() ubicada en el archivo Catalog.cc en Xpdf versión 4.0.2. Puede ser activado (por ejemplo) mediante el ... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42028 • CWE-665: Improper Initialization •