Glyphandcog Xpdfreader — known CVE vulnerabilities
Every CVE whose affected-product data names Glyphandcog Xpdfreader, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (53)
CVE-2009-0165 — CVSS 10.0 (critical): Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as used in Poppler and other products, when running on Mac OS X, has…
CVE-2009-3606 — CVSS 9.3 (critical): Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf before 3.02pl4, and Poppler 0.x, as used in kdegraphics KPDF, might…
CVE-2009-3604 — CVSS 9.3 (critical): The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before 3.02pl4, and Poppler 0.x, as used in GPdf and kdegraphics KPDF, does…
CVE-2009-3603 — CVSS 9.3 (critical): Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1 might allow remote…
CVE-2009-3608 — CVSS 9.3 (critical): Integer overflow in the ObjectStream::ObjectStream function in XRef.cc in Xpdf 3.x before 3.02pl4 and Poppler before 0.12.1, as used in…
CVE-2019-13281 — CVSS 7.8 (high): In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory…
CVE-2019-13283 — CVSS 7.8 (high): In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not…
CVE-2022-24106 — CVSS 7.8 (high): In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the…
CVE-2019-9589 — CVSS 7.8 (high): There is a NULL pointer dereference vulnerability in PSOutputDev::setupResources() located in PSOutputDev.cc in Xpdf 4.01. It can be…
CVE-2019-9588 — CVSS 7.8 (high): There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file…
CVE-2019-9587 — CVSS 7.8 (high): There is a stack consumption issue in md5Round1() located in Decrypt.cc in Xpdf 4.01. It can be triggered by sending a crafted pdf file to…
CVE-2019-16115 — CVSS 7.8 (high): In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in IdentityFunction::transform in Function.cc, used by…
CVE-2019-14288 — CVSS 7.8 (high): An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one…
CVE-2019-13289 — CVSS 7.8 (high): In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for…
CVE-2019-12957 — CVSS 7.8 (high): In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger…
CVE-2019-13282 — CVSS 7.8 (high): In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for…
CVE-2009-1182 — CVSS 7.5 (high): Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other…
CVE-2019-12515 — CVSS 7.1 (high): There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for…
CVE-2019-12360 — CVSS 7.1 (high): A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be…
CVE-2019-12493 — CVSS 7.1 (high): A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and…
CVE-2009-1144 — CVSS 6.9 (medium): Untrusted search path vulnerability in the Gentoo package of Xpdf before 3.02-r2 allows local users to gain privileges via a Trojan horse…
CVE-2011-0764 — CVSS 6.8 (medium): t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, uses an invalid pointer in conjunction with a…
CVE-2009-0195 — CVSS 6.8 (medium): Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute…
CVE-2010-3704 — CVSS 6.8 (medium): The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up…
CVE-2009-0800 — CVSS 6.8 (medium): Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and…
CVE-2009-1179 — CVSS 6.8 (medium): Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows…
CVE-2009-1180 — CVSS 6.8 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to…
CVE-2019-17064 — CVSS 5.5 (medium): Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
CVE-2019-12958 — CVSS 5.5 (medium): In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to…
CVE-2019-13286 — CVSS 5.5 (medium): In Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can…
CVE-2019-13287 — CVSS 5.5 (medium): In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc…
CVE-2019-13288 — CVSS 5.5 (medium): In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage…
CVE-2019-13291 — CVSS 5.5 (medium): In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be…
CVE-2019-14289 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the…
CVE-2019-14290 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for…
CVE-2019-14291 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for…
CVE-2019-14292 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for…
CVE-2019-14293 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for…
CVE-2019-14294 — CVSS 5.5 (medium): An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of…
CVE-2019-15860 — CVSS 5.5 (medium): Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2.00 is a version from November 2002.
CVE-2019-16088 — CVSS 5.5 (medium): Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive calls to Catalog::countPageTree in Catalog.cc.
CVE-2009-0166 — CVSS 4.3 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of…
CVE-2011-1554 — CVSS 4.3 (medium): Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a…
CVE-2009-0147 — CVSS 4.3 (medium): Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote…
CVE-2011-1553 — CVSS 4.3 (medium): Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers…
CVE-2011-1552 — CVSS 4.3 (medium): t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows…
CVE-2009-0146 — CVSS 4.3 (medium): Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote…
CVE-2009-3609 — CVSS 4.3 (medium): Integer overflow in the ImageStream::ImageStream function in Stream.cc in Xpdf before 3.02pl4 and Poppler before 0.12.1, as used in GPdf…
CVE-2009-1183 — CVSS 4.3 (medium): The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote…
CVE-2009-1181 — CVSS 4.3 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to…
CVE-2009-0799 — CVSS 4.3 (medium): The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to…