CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24106
https://notcve.org/view.php?id=CVE-2022-24106
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. En Xpdf versiones anteriores a 4.04, el descodificador DCT (JPEG) permitía de forma incorrecta cambiar el flag "interleaved" después del primer escaneo de la imagen, conllevando a una vulnerabilidad desconocida relacionada con los enteros en Stream.cc • http://www.xpdfreader.com/security-fixes.html https://dl.xpdfreader.com/xpdf-4.04.tar.gz • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24107
https://notcve.org/view.php?id=CVE-2022-24107
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. Xpdf versiones anteriores a 4.04, carece de una comprobación de desbordamiento de enteros en el archivo JPXStream.cc • http://www.xpdfreader.com/security-fixes.html https://dl.xpdfreader.com/xpdf-4.04.tar.gz • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9588
https://notcve.org/view.php?id=CVE-2019-9588
There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. En la versión 4.01 de Xpdf, hay un acceso de memoria inválida en gAtomicIncrement() en GMutex.h Puede desencadenarse mediante el envío de un archivo pdf manipulado a, por ejemplo, el binario pdftops. Permite a un atacante provocar una denegación de servicio (fallo de segmentación) o tener otro impacto no especificado. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41261 https://research.loginsoft.com/bugs/invalid-memory-access-in-gatomiccounter-gatomicincrement-xpdf-4-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9589
https://notcve.org/view.php?id=CVE-2019-9589
There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. En la versión 4.01 de Xpdf, hay una vulnerabilidad de desreferencia de puntero NULL en PSOutputDev::setupResources() en PSOutputDev.cc. Puede desencadenarse mediante el envío de un archivo pdf manipulado a, por ejemplo, el binario pdftops. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41262 https://research.loginsoft.com/bugs/null-pointer-dereference-vulnerability-in-function-psoutputdevsetupresources-xpdf-4-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2019-9587
https://notcve.org/view.php?id=CVE-2019-9587
There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. En la versión 4.01 de Xpdf, hay un fallo del consumo de pila en md5Round1() en Decrypt.cc. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=41263 https://research.loginsoft.com/bugs/stack-based-buffer-overflow-vulnerability-in-function-md5round1-xpdf-4-01 • CWE-400: Uncontrolled Resource Consumption •