CVE search results

51 – 60 of 205 results

Detailed view

Sort by:

CVE-2019-13289

Medium priority

Ignored

In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2019-13288

Medium priority

Ignored

In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

4 affected packages

ipe, xpdf, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-13287

Medium priority

Ignored

In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool....

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-13286

Medium priority

Ignored

In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might...

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2019-13283

Low priority

Some fixes available 1 of 8

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for...

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-13282

Medium priority

Ignored

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the...

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-13281

Medium priority

Ignored

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool....

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-12958

Medium priority

Some fixes available 12 of 19

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one...

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Fixed	Fixed	Fixed

CVE-2019-12957

Medium priority

Ignored

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF...

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2019-12515

Medium priority

Ignored

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an...

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

Export to JSON

Results by page:

Search CVE reports