Filtered by vendor Glyphandcog
Subscribe
Total
55 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2009-1183 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file. | |||||
| CVE-2009-1181 | 4 Apple, Foolabs, Glyphandcog and 1 more | 4 Cups, Xpdf, Xpdfreader and 1 more | 2025-04-09 | 4.3 MEDIUM | N/A |
| The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference. | |||||
| CVE-2009-3603 | 3 Foolabs, Glyphandcog, Poppler | 3 Xpdf, Xpdfreader, Poppler | 2025-04-09 | 9.3 HIGH | N/A |
| Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote attackers to execute arbitrary code via a crafted PDF document that triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1188. | |||||
| CVE-2022-24107 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | N/A | 7.8 HIGH |
| Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc. | |||||
| CVE-2022-24106 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | N/A | 7.8 HIGH |
| In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc. | |||||
| CVE-2021-40226 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | N/A | 7.5 HIGH |
| xpdfreader 4.03 is vulnerable to Buffer Overflow. | |||||
| CVE-2019-9589 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9588 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. | |||||
| CVE-2019-9587 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact. This is related to Catalog::countPageTree. | |||||
| CVE-2019-17064 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor. | |||||
| CVE-2019-16927 | 1 Glyphandcog | 1 Xpdf | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877. | |||||
| CVE-2019-16115 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
| In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by GfxAxialShading::getColor. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It allows an attacker to use a crafted PDF file to cause Denial of Service or possibly unspecified other impact. | |||||
| CVE-2019-16088 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc. | |||||
| CVE-2019-15860 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002. | |||||
| CVE-2019-14294 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read. | |||||
| CVE-2019-14293 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2. | |||||
| CVE-2019-14292 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1. | |||||
| CVE-2019-14291 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3. | |||||
| CVE-2019-14290 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2. | |||||
| CVE-2019-14289 | 1 Glyphandcog | 1 Xpdfreader | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case. | |||||