Information on source package xpdf

Available versions

ReleaseVersion
bullseye3.04+git20210103-3
bookworm3.04+git20220601-1
trixie3.04+git20240613-1
sid3.04+git20240613-1

Open unimportant issues

BugbullseyebookwormtrixiesidDescription
CVE-2018-18459vulnerablevulnerablevulnerablevulnerableThe function DCTStream::getBlock in Stream.cc in Xpdf 4.00 allows remo ...
CVE-2018-18458vulnerablevulnerablevulnerablevulnerableThe function DCTStream::decodeImage in Stream.cc in Xpdf 4.00 allows r ...
CVE-2018-18457vulnerablevulnerablevulnerablevulnerableThe function DCTStream::readScan in Stream.cc in Xpdf 4.00 allows remo ...
CVE-2018-18456vulnerablevulnerablevulnerablevulnerableThe function Object::isName() in Object.h (called from Gfx::opSetFillC ...
CVE-2018-18455vulnerablevulnerablevulnerablevulnerableThe GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote a ...
CVE-2018-18454vulnerablevulnerablevulnerablevulnerableCCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote atta ...
CVE-2018-16369vulnerablevulnerablevulnerablevulnerableXRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a ...
CVE-2018-16368vulnerablevulnerablevulnerablevulnerableSplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows ...
CVE-2018-11033vulnerablevulnerablevulnerablevulnerableThe DCTStream::readHuffSym function in Stream.cc in the DCT decoder in ...
CVE-2018-8107vulnerablevulnerablevulnerablevulnerableThe JPXStream::close function in JPXStream.cc in xpdf 4.00 allows atta ...
CVE-2018-8106vulnerablevulnerablevulnerablevulnerableThe JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 ...
CVE-2018-8105vulnerablevulnerablevulnerablevulnerableThe JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allow ...
CVE-2018-8104vulnerablevulnerablevulnerablevulnerableThe BufStream::lookChar function in Stream.cc in xpdf 4.00 allows atta ...
CVE-2018-8103vulnerablevulnerablevulnerablevulnerableThe JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf ...
CVE-2018-8102vulnerablevulnerablevulnerablevulnerableThe JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4 ...
CVE-2018-8101vulnerablevulnerablevulnerablevulnerableThe JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf ...
CVE-2018-8100vulnerablevulnerablevulnerablevulnerableThe JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allo ...
CVE-2018-7455vulnerablevulnerablevulnerablevulnerableAn out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xp ...
CVE-2018-7454vulnerablevulnerablevulnerablevulnerableA NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpd ...
CVE-2018-7453vulnerablevulnerablevulnerablevulnerableInfinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 ...
CVE-2018-7452vulnerablevulnerablevulnerablevulnerableA NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc i ...
CVE-2018-7175vulnerablevulnerablevulnerablevulnerableAn issue was discovered in xpdf 4.00. A NULL pointer dereference in re ...
CVE-2018-7174vulnerablevulnerablevulnerablevulnerableAn issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref a ...
CVE-2018-7173vulnerablevulnerablevulnerablevulnerableA large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an ...
CVE-2013-4472vulnerablevulnerablevulnerablevulnerableThe openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 a ...
CVE-2010-0207vulnerablevulnerablevulnerablevulnerableIn xpdf, the xref table contains an infinite loop which allows remote ...
CVE-2010-0206vulnerablevulnerablevulnerablevulnerablexpdf allows remote attackers to cause a denial of service (NULL pointe ...

Resolved issues

BugDescription
CVE-2024-7868In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream ...
CVE-2024-7867In Xpdf 4.05 (and earlier), very large coordinates in a page box can c ...
CVE-2024-7866In Xpdf 4.05 (and earlier), a PDF object loop in a pattern resource le ...
CVE-2024-3248In Xpdf 4.05 (and earlier), a PDF object loop in the attachments leads ...
CVE-2024-3247In Xpdf 4.05 (and earlier), a PDF object loop in an object stream lead ...
CVE-2023-26930Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker ...
CVE-2023-3436Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is ...
CVE-2023-3044An excessively large PDF page size (found in fuzz testing, unlikely in ...
CVE-2023-2664In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tre ...
CVE-2023-2663In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree l ...
CVE-2023-2662In Xpdf 4.04 (and earlier), a bad color space object in the input PDF ...
CVE-2022-48545An infinite recursion in Catalog::findDestInTree can cause denial of s ...
CVE-2022-45587Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpd ...
CVE-2022-45586Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in ...
CVE-2022-43295XPDF v4.04 was discovered to contain a stack overflow via the function ...
CVE-2022-43071A stack overflow in the Catalog::readPageLabelTree2(Object*) function ...
CVE-2022-41844An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch( ...
CVE-2022-41843An issue was discovered in Xpdf 4.04. There is a crash in convertToTyp ...
CVE-2022-41842An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_F ...
CVE-2022-38928XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2 ...
CVE-2022-38334XPDF v4.04 and earlier was discovered to contain a stack overflow via ...
CVE-2022-38238XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...
CVE-2022-38237XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...
CVE-2022-38236XPDF commit ffaf11c was discovered to contain a global-buffer overflow ...
CVE-2022-38235XPDF commit ffaf11c was discovered to contain a segmentation violation ...
CVE-2022-38234XPDF commit ffaf11c was discovered to contain a segmentation violation ...
CVE-2022-38233XPDF commit ffaf11c was discovered to contain a segmentation violation ...
CVE-2022-38231XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...
CVE-2022-38230XPDF commit ffaf11c was discovered to contain a floating point excepti ...
CVE-2022-38229XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...
CVE-2022-38228XPDF commit ffaf11c was discovered to contain a heap-buffer overflow v ...
CVE-2022-38227XPDF commit ffaf11c was discovered to contain a stack overflow via __a ...
CVE-2022-38222There is a use-after-free issue in JBIG2Stream::close() located in JBI ...
CVE-2022-36561XPDF v4.0.4 was discovered to contain a segmentation violation via the ...
CVE-2022-33108XPDF v4.04 was discovered to contain a stack overflow vulnerability vi ...
CVE-2022-30775xpdf 4.04 allocates excessive memory when presented with crafted input ...
CVE-2022-30524There is an invalid memory access in the TextLine class in TextOutputD ...
CVE-2022-27135xpdf 4.03 has heap buffer overflow in the function readXRefTable locat ...
CVE-2022-24107Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
CVE-2021-36493Buffer Overflow vulnerability in pdfimages in xpdf 4.03 allows attacke ...
CVE-2020-35376Xpdf 4.02 allows stack consumption because of an incorrect subroutine ...
CVE-2020-25725In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOut ...
CVE-2020-24999There is an invalid memory access in the function fprintf located in E ...
CVE-2020-24996There is an invalid memory access in the function TextString::~TextStr ...
CVE-2019-17064Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog ...
CVE-2019-16927Xpdf 4.01.01 has an out-of-bounds write in the vertProfile part of the ...
CVE-2019-16115In Xpdf 4.01.01, a stack-based buffer under-read could be triggered in ...
CVE-2019-16088Xpdf 3.04 has a SIGSEGV in XRef::fetch in XRef.cc after many recursive ...
CVE-2019-15860Xpdf 2.00 allows a SIGSEGV in XRef::constructXRef in XRef.cc. NOTE: 2. ...
CVE-2019-14294An issue was discovered in Xpdf 4.01.01. There is a use-after-free in ...
CVE-2019-14293An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...
CVE-2019-14292An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...
CVE-2019-14291An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...
CVE-2019-14290An issue was discovered in Xpdf 4.01.01. There is an out of bounds rea ...
CVE-2019-14289An issue was discovered in Xpdf 4.01.01. There is an integer overflow ...
CVE-2019-14288An issue was discovered in Xpdf 4.01.01. There is an Integer overflow ...
CVE-2019-13291In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...
CVE-2019-13289In Xpdf 4.01.01, there is a use-after-free vulnerability in the functi ...
CVE-2019-13288In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause ...
CVE-2019-13287In Xpdf 4.01.01, there is an out-of-bounds read vulnerability in the f ...
CVE-2019-13286In Xpdf 4.01.01, there is a heap-based buffer over-read in the functio ...
CVE-2019-13283In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in s ...
CVE-2019-13282In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in S ...
CVE-2019-13281In Xpdf 4.01.01, a heap-based buffer overflow could be triggered in DC ...
CVE-2019-12958In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in F ...
CVE-2019-12957In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C:: ...
CVE-2019-12515There is an out-of-bounds read vulnerability in the function FlateStre ...
CVE-2019-12493A stack-based buffer over-read exists in PostScriptFunction::transform ...
CVE-2019-12360A stack-based buffer over-read exists in FoFiTrueType::dumpString in f ...
CVE-2019-10026An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-10025An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-10024An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-10023An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-10022An issue was discovered in Xpdf 4.01.01. There is a NULL pointer deref ...
CVE-2019-10021An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-10020An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-10019An issue was discovered in Xpdf 4.01.01. There is an FPE in the functi ...
CVE-2019-9878There is an invalid memory access in the function GfxIndexedColorSpace ...
CVE-2019-9877There is an invalid memory access vulnerability in the function TextPa ...
CVE-2019-9589There is a NULL pointer dereference vulnerability in PSOutputDev::setu ...
CVE-2019-9588There is an Invalid memory access in gAtomicIncrement() located at GMu ...
CVE-2019-9587There is a stack consumption issue in md5Round1() located in Decrypt.c ...
CVE-2018-18651An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroFo ...
CVE-2018-18650An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc ...
CVE-2012-2142The error function in Error.cc in poppler before 0.21.4 allows remote ...
CVE-2011-2902zxpdf in xpdf before 3.02-19 as packaged in Debian unstable and 3.02-1 ...
CVE-2011-1554Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3. ...
CVE-2011-1553Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xp ...
CVE-2011-1552t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...
CVE-2011-0764t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and ot ...
CVE-2010-4654poppler before 0.16.3 has malformed commands that may cause corruption ...
CVE-2010-4653An integer overflow condition in poppler before 0.16.3 can occur when ...
CVE-2010-3704The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser i ...
CVE-2010-3703The PostScriptFunction::PostScriptFunction function in poppler/Functio ...
CVE-2010-3702The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, pop ...
CVE-2009-4035The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf ...
CVE-2009-3609Integer overflow in the ImageStream::ImageStream function in Stream.cc ...
CVE-2009-3608Integer overflow in the ObjectStream::ObjectStream function in XRef.cc ...
CVE-2009-3606Integer overflow in the PSOutputDev::doImageL1Sep function in Xpdf bef ...
CVE-2009-3604The Splash::drawImage function in Splash.cc in Xpdf 2.x and 3.x before ...
CVE-2009-3603Integer overflow in the SplashBitmap::SplashBitmap function in Xpdf 3. ...
CVE-2009-1188Integer overflow in the JBIG2 decoding feature in the SplashBitmap::Sp ...
CVE-2009-1183The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earl ...
CVE-2009-1182Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and ...
CVE-2009-1181The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-1180The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-1179Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUP ...
CVE-2009-1144Untrusted search path vulnerability in the Gentoo package of Xpdf befo ...
CVE-2009-0800Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 ...
CVE-2009-0799The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-0195Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, an ...
CVE-2009-0166The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, ...
CVE-2009-0165Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, as ...
CVE-2009-0147Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ea ...
CVE-2009-0146Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and ear ...
CVE-2008-2950The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earl ...
CVE-2008-1693The CairoFont::create function in CairoFontEngine.cc in Poppler, possi ...
CVE-2007-5393Heap-based buffer overflow in the CCITTFaxStream::lookChar method in x ...
CVE-2007-5392Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in X ...
CVE-2007-4352Array index error in the DCTStream::readProgressiveDataUnit method in ...
CVE-2007-3387Integer overflow in the StreamPredictor::StreamPredictor function in x ...
CVE-2007-0104The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patc ...
CVE-2006-1244Unspecified vulnerability in certain versions of xpdf after 3.00, as u ...
CVE-2006-0301Heap-based buffer overflow in Splash.cc in xpdf, as used in other prod ...
CVE-2005-3628Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Strea ...
CVE-2005-3627Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, ...
CVE-2005-3626Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...
CVE-2005-3625Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTe ...
CVE-2005-3624The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpd ...
CVE-2005-3193Heap-based buffer overflow in the JPXStream::readCodestream function i ...
CVE-2005-3192Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.0 ...
CVE-2005-3191Multiple heap-based buffer overflows in the (1) DCTStream::readProgres ...
CVE-2005-2097xpdf and kpdf do not properly validate the "loca" table in PDF files, ...
CVE-2005-0206The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CV ...
CVE-2005-0064Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc fo ...
CVE-2004-1125Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...
CVE-2004-0889Multiple integer overflows in xpdf 3.0, and other packages that use xp ...
CVE-2004-0888Multiple integer overflows in xpdf 2.0 and 3.0, and other packages tha ...
CVE-2003-0434Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...
CVE-2002-1384Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...

Security announcements

DSA / DLADescription
DSA-2135-1xpdf - several vulnerabilities
DSA-2028-1xpdf - several vulnerabilities
DSA-1790-1xpdf - multiple vulnerabilities
DSA-1548-1xpdf
DSA-1537-1xpdf
DSA-1347-1xpdf
DSA-984-1xpdf - several
DSA-971-1xpdf - buffer overflow
DSA-931-1xpdf - buffer overflows
DSA-648-1xpdf - buffer overflow
DSA-619-1xpdf - buffer overflow
DSA-581-1xpdf - integer overflows
DSA-226xpdf-i - integer overflow
DSA-222xpdf - integer overflow

Search for package or bug name: Reporting problems