Glyphandcog » Xpdfreader : Security Vulnerabilities, CVEs, Published In 2019 (Overflow) CVSS score >= 7

CVE-2019-14288

An issue was discovered in Xpdf 4.01.01. There is an Integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.
Max CVSS
7.8
EPSS Score
0.16%
Published
2019-07-27
Updated
2019-07-29

CVE-2019-13281

In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DCTStream::decodeImage() in Stream.cc when writing to frameBuf memory. It can, for example, be triggered by sending a crafted PDF document to the pdftotext tool. It allows an attacker to use a crafted pdf file to cause Denial of Service, an information leak, or possibly unspecified other impact.
Max CVSS
7.8
EPSS Score
0.14%
Published
2019-07-04
Updated
2023-03-01

CVE-2019-9588

There is an Invalid memory access in gAtomicIncrement() located at GMutex.h in Xpdf 4.01. It can be triggered by sending a crafted pdf file to (for example) the pdftops binary. It allows an attacker to cause Denial of Service (Segmentation fault) or possibly have unspecified other impact.
Max CVSS
7.8
EPSS Score
0.10%
Published
2019-03-06
Updated
2019-03-06
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close