Vulnerabilities (CVE)

Vendor filter

Xpdf Subscribe

Filter

27 total CVE
CVE Vendors Products Updated CVSS
CVE-2006-0746 1 Xpdf 1 Xpdf 2018-10-19 7.5
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
CVE-2006-0301 1 Xpdf 1 Xpdf 2018-10-19 7.5
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via...
CVE-2005-3628 1 Xpdf 1 Xpdf 2018-10-19 7.5
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute...
CVE-2005-3627 1 Xpdf 1 Xpdf 2018-10-19 7.5
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of...
CVE-2005-3626 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 5.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2005-3625 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 10.0
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode...
CVE-2005-3624 18 Turbolinux, Xpdf, Easy Software Products and 15 more 33 Linux, Fedora Core, Mandrake Linux Corporate Server and 30 more 2018-10-19 5.0
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to...
CVE-2005-3193 1 Xpdf 1 Xpdf 2018-10-19 5.1
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows...
CVE-2005-3192 1 Xpdf 1 Xpdf 2018-10-19 7.5
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute...
CVE-2005-3191 1 Xpdf 1 Xpdf 2018-10-19 5.1
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX,...
CVE-2005-2097 2 Kde, Xpdf 2 Xpdf, Kpdf 2018-10-19 2.1
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created...
CVE-2007-3387 6 Xpdf, Easy Software Products, Gnome and 3 more 7 Kpdf, Kdegraphics, Cups and 4 more 2018-10-16 6.8
Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to...
CVE-2007-0104 2 Kde, Xpdf 2 Kde, Xpdf 2018-10-16 6.8
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service...
CVE-2006-1244 4 Debian, Libextractor, Xpdf and 1 more 4 Debian Linux, Xpdf, Gpdf and 1 more 2018-10-03 7.6
Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving...
CVE-2004-1125 3 Kde, Xpdf, Easy Software Products 3 Kde, Xpdf, Cups 2018-10-03 9.3
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash)...
CVE-2002-1384 2 Xpdf, Easy Software Products 2 Xpdf, Cups 2018-05-03 7.2
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
CVE-2005-0206 15 Xpdf, Easy Software Products, Ubuntu and 12 more 22 Linux, Kde, Fedora Core and 19 more 2017-10-11 7.5
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVE-2005-0064 1 Xpdf 1 Xpdf 2017-10-11 7.5
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
CVE-2004-0888 11 Xpdf, Easy Software Products, Ubuntu and 8 more 16 Linux Advanced Workstation, Linux, Kpdf and 13 more 2017-10-11 10.0
Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of...
CVE-2003-0434 4 Adobe, Mandrakesoft, Xpdf and 1 more 7 Linux Advanced Workstation, Acrobat, Enterprise Linux and 4 more 2017-10-11 7.5
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.