CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10020
https://notcve.org/view.php?id=CVE-2019-10020
24 Mar 2019 — An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters. Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepción de punto flotante en la función Splash::scaleImageYuXu en Splash.cc para los parámetros x Bresenham. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41274 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-10019 – Ubuntu Security Notice USN-4042-1
https://notcve.org/view.php?id=CVE-2019-10019
24 Mar 2019 — An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes. Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepción de punto flotante en la función PSOutputDev::checkPageSlice en PSOutputDev.cc para nStripes. It was discovered that poppler incorrectly handled certain files. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41275 • CWE-369: Divide By Zero •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-10018
https://notcve.org/view.php?id=CVE-2019-10018
24 Mar 2019 — An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case. Se ha descubierto un problema en Xpdf 4.01.01. Hay una excepción de punto flotante en la función PostScriptFunction::exec en Function.cc para el caso psOpIdiv. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41276 • CWE-369: Divide By Zero •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-9878
https://notcve.org/view.php?id=CVE-2019-9878
19 Mar 2019 — There is an invalid memory access in the function GfxIndexedColorSpace::mapColorToBase() located in GfxState.cc in Xpdf 4.0.0, as used in pdfalto 0.2. It can be triggered by (for example) sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Hay un acceso inválido a la memoria en la función GfxIndexedColorSpace::mapColorToBase(), ubicada en GfxState.cc en Xpdf 4.0.0, tal y como se emplea en pdfalto 0... • https://github.com/kermitt2/pdfalto/issues/46 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-9877
https://notcve.org/view.php?id=CVE-2019-9877
19 Mar 2019 — There is an invalid memory access vulnerability in the function TextPage::findGaps() located at TextOutputDev.c in Xpdf 4.01, which can (for example) be triggered by sending a crafted pdf file to the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. Hay una vulnerabilidad de acceso inválido a la memoria en la función TextPage::findGaps(), ubicada en TextOutputDev.c en Xpdf 4.01, que puede (por ejemplo) desencadenarse mediante el ... • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41265 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18651
https://notcve.org/view.php?id=CVE-2018-18651
25 Oct 2018 — An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file. Se ha descubierto un problema en Xpdf 4.00. catalog->getNumPages() en AcroForm.cc permite que los atacantes provoquen una denegación de servicio (bloqueo provocado por un gran bucle) mediante un archivo PDF específico, tal y como ... • https://exchange.xforce.ibmcloud.com/vulnerabilities/152005 • CWE-834: Excessive Iteration •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18650
https://notcve.org/view.php?id=CVE-2018-18650
25 Oct 2018 — An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory. Se ha descubierto un problema en Xpdf 4.00. XRef::readXRefStream en XRef.cc permite que los atacantes lancen una denegación de servicio (desbordamiento de enteros) mediante un valor /Size manipulado en un arc... • https://exchange.xforce.ibmcloud.com/vulnerabilities/152006 • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18456
https://notcve.org/view.php?id=CVE-2018-18456
18 Oct 2018 — The function Object::isName() in Object.h (called from Gfx::opSetFillColorN) in Xpdf 4.00 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. La función Object::isName() en Object.h (llamado desde Gfx::opSetFillColorN) en Xpdf 4.00 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en pila) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18458
https://notcve.org/view.php?id=CVE-2018-18458
18 Oct 2018 — The function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted pdf file, as demonstrated by pdftoppm. La función DCTStream::decodeImage en Stream.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegación de servicio (desreferencia de puntero NULL) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-18455
https://notcve.org/view.php?id=CVE-2018-18455
18 Oct 2018 — The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. La clase GfxImageColorMap en GfxState.cc en Xpdf 4.00 permite que atacantes remotos provoquen una denegación de servicio (sobrelectura de búfer basada en memoria dinámica o heap) mediante un archivo pdf manipulado, como ha sido demostrado por pdftoppm. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41217 • CWE-125: Out-of-bounds Read •