Filtered by vendor Xpdf Subscriptions
Filtered by product Xpdf Subscriptions
Total 26 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2007-5392 1 Xpdf 1 Xpdf 2017-09-29 N/A
Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow.
CVE-2007-4352 1 Xpdf 1 Xpdf 2017-09-29 N/A
Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file.
CVE-2009-4035 3 Gnome, Kde, Xpdf 4 Gpdf, Kdegraphics, Kpdf and 1 more 2017-09-19 N/A
The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow.
CVE-2004-0889 11 Debian, Easy Software Products, Gentoo and 8 more 16 Debian Linux, Cups, Linux and 13 more 2017-07-11 N/A
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888.
CVE-2000-0728 1 Xpdf 1 Xpdf 2016-10-18 N/A
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-0727 1 Xpdf 1 Xpdf 2016-10-18 N/A
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.