
CVE-2022-48545
https://notcve.org/view.php?id=CVE-2022-48545
22 Aug 2023 — An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42092 • CWE-674: Uncontrolled Recursion

CVE-2023-3436 – Deadlock in Xpdf 4.04 due to PDF object stream references
https://notcve.org/view.php?id=CVE-2023-3436
27 Jun 2023 — Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42618 • CWE-667: Improper Locking • CWE-833: Deadlock

CVE-2023-3044 – Divide-by-zero in Xpdf 4.04 due to very large page size
https://notcve.org/view.php?id=CVE-2023-3044
02 Jun 2023 — An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://github.com/baker221/poc-xpdf • CWE-369: Divide By Zero

CVE-2023-2664 – Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree
https://notcve.org/view.php?id=CVE-2023-2664
11 May 2023 — In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42422 • CWE-674: Uncontrolled Recursion

CVE-2023-2663 – Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree
https://notcve.org/view.php?id=CVE-2023-2663
11 May 2023 — In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42421 • CWE-674: Uncontrolled Recursion

CVE-2023-2662 – Divide-by-zero in Xpdf 4.04 due to bad color space object
https://notcve.org/view.php?id=CVE-2023-2662
11 May 2023 — In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42505 • CWE-369: Divide By Zero

CVE-2023-26930
https://notcve.org/view.php?id=CVE-2023-26930
26 Apr 2023 — Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.” • https://gist.github.com/huanglei3/10e2a9bd07a109995b20ade306612a34 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CVE-2022-45586 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-45586
15 Feb 2023 — Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04 allows local attackers to cause a denial of service. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42361 • CWE-787: Out-of-bounds Write

CVE-2022-45587 – Gentoo Linux Security Advisory 202409-25
https://notcve.org/view.php?id=CVE-2022-45587
15 Feb 2023 — Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04 allows local attackers to cause a denial of service. Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected. • https://forum.xpdfreader.com/viewtopic.php?t=42361 • CWE-787: Out-of-bounds Write

CVE-2021-36493
https://notcve.org/view.php?id=CVE-2021-36493
03 Feb 2023 — Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attackers to crash the application via a crafted command. • https://forum.xpdfreader.com/viewtopic.php?f=3&t=42160 • CWE-787: Out-of-bounds Write