xpdf

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Viewer for Portable Document Format (PDF) files
Version 4.05-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-2813 4.03-1 4.04-1 Unknown Fixed
AVG-1048 4.01.01-2 4.02-1 Medium Fixed FS#63980
AVG-640 4.00-2 4.01.01-1 Low Fixed FS#57528
Issue Group Severity Remote Type Description
CVE-2022-38171 AVG-2813 Unknown Unknown Unknown Unknown
CVE-2019-16927 AVG-1048 Medium No Arbitrary code execution
Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the TextPage::findGaps function in TextOutputDev.cc, a different vulnerability than CVE-2019-9877.
CVE-2018-7455 AVG-640 Low No Denial of service
An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as...
CVE-2018-7454 AVG-640 Low No Denial of service
A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as...
CVE-2018-7453 AVG-640 Low No Denial of service
Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of...
CVE-2018-7452 AVG-640 Low No Denial of service
A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as...
CVE-2018-7175 AVG-640 Low No Denial of service
An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero...
CVE-2018-7174 AVG-640 Low No Denial of service
An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for...
CVE-2018-7173 AVG-640 Low No Denial of service
A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding.

Advisories

Date Advisory Group Severity Type
16 Oct 2019 ASA-201910-10 AVG-1048 Medium arbitrary code execution