Known Vulnerabilities for products from Xpdf
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Xpdf".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2009-4035 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other l... | 9.3 - HIGH | 2009-12-21 | 2017-09-19 |
| CVE-2007-5393 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers t... | 9.3 - HIGH | 2007-11-08 | 2017-09-29 |
| CVE-2007-5392 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrar... | 9.3 - HIGH | 2007-11-08 | 2017-09-29 |
| CVE-2007-4352 | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teT... | 7.6 - HIGH | 2007-11-08 | 2017-09-29 |
| CVE-2007-0104 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0... | 6.8 - MEDIUM | 2007-01-09 | 2018-10-16 |
| CVE-2006-1244 | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework,... | 7.6 - HIGH | 2006-03-15 | 2018-10-03 |
| CVE-2006-0746 | Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows ... | 7.5 - HIGH | 2006-03-09 | 2018-10-19 |
| CVE-2006-0301 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4... | 7.5 - HIGH | 2006-01-30 | 2018-10-19 |
| CVE-2005-3628 | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, p... | 7.5 - HIGH | 2005-12-31 | 2018-10-19 |
| CVE-2005-3627 | Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows ... | 7.5 - HIGH | 2005-12-31 | 2018-10-19 |
| CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to ... | 5 - MEDIUM | 2005-12-31 | 2018-10-19 |
| CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to ... | 10 - HIGH | 2005-12-31 | 2018-10-19 |
| CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor,... | 5 - MEDIUM | 2005-12-31 | 2018-10-19 |
| CVE-2005-3193 | Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.... | 5.1 - MEDIUM | 2005-12-07 | 2018-10-19 |
| CVE-2005-3192 | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, ... | 7.5 - HIGH | 2005-12-08 | 2018-10-19 |
| CVE-2005-3191 | Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in... | 5.1 - MEDIUM | 2005-12-07 | 2018-10-19 |
| CVE-2005-2097 | xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (... | 2.1 - LOW | 2005-08-16 | 2018-10-19 |
| CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on ... | 7.5 - HIGH | 2005-04-27 | 2017-10-11 |
| CVE-2005-0064 | Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to exec... | 7.5 - HIGH | 2005-05-02 | 2017-10-11 |
| CVE-2004-1125 | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin an... | 9.3 - HIGH | 2005-01-10 | 2018-10-03 |