Search CVE reports
41 – 50 of 198 results
CVE-2019-14288
Medium priorityAn issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
libextractor | Not affected | Not affected | Not affected | Not affected | Not affected |
poppler | Not affected | Not affected | Not affected | Not affected | Not affected |
xpdf | Not affected | Not affected | Not in release | Not affected | Not affected |
CVE-2019-9959
Low prioritySome fixes available 2 of 15
The JPXStream::init function in Poppler 0.78.0 and earlier doesn't check for negative values of stream length, leading to an Integer Overflow, thereby making it possible to allocate a large memory chunk on the heap, with a size...
2 affected packages
emscripten, poppler
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
emscripten | Ignored | Ignored | Not in release | Ignored | Ignored |
poppler | Not affected | Not affected | Not affected | Fixed | Fixed |
CVE-2019-13291
Medium priorityIn Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an...
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13289
Medium priorityIn Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13288
Medium priorityIn Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13287
Medium priorityIn Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the function SplashXPath::strokeAdjust() located at splash/SplashXPath.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool....
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13286
Medium priorityIn Xpdf 4.01.01, there is a heap-based buffer over-read in the function JBIG2Stream::readTextRegionSeg() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might...
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13283
Low prioritySome fixes available 1 of 8
In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in strncpy from FoFiType1::parse in fofi/FoFiType1.cc because it does not ensure the source string has a valid length before making a fixed-length copy. It can, for...
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Fixed |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13282
Medium priorityIn Xpdf 4.01.01, a heap-based buffer over-read could be triggered in SampledFunction::transform in Function.cc when using a large index for samples. It can, for example, be triggered by sending a crafted PDF document to the...
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |
CVE-2019-13281
Medium priorityIn Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool....
4 affected packages
ipe, libextractor, poppler, xpdf
Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS | 16.04 LTS |
---|---|---|---|---|---|
ipe | — | Not affected | Not affected | Not affected | Not affected |
libextractor | — | Not affected | Not affected | Not affected | Not affected |
poppler | — | Not affected | Not affected | Not affected | Not affected |
xpdf | — | Not affected | Not in release | Not affected | Not affected |