Vulnerabilities for 'Xpdfreader'

2019-07-27
 
CVE-2019-14294

CWE-416
 

 
An issue was discovered in Xpdf 4.01.01. There is a use-after-free in the function JPXStream::fillReadBuf at JPXStream.cc, due to an out of bounds read.

 
 
CVE-2019-14293

CWE-125
 

 
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 2.

 
 
CVE-2019-14292

CWE-125
 

 
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA!=6 case 1.

 
 
CVE-2019-14291

CWE-125
 

 
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 3.

 
 
CVE-2019-14290

CWE-125
 

 
An issue was discovered in Xpdf 4.01.01. There is an out of bounds read in the function GfxPatchMeshShading::parse at GfxState.cc for typeA==6 case 2.

 
 
CVE-2019-14289

CWE-190
 

 
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "multiple bytes per line" case.

 
 
CVE-2019-14288

CWE-190
 

 
An issue was discovered in Xpdf 4.01.01. There is an integer overflow in the function JBIG2Bitmap::combine at JBIG2Stream.cc for the "one byte per line" case.

 
2019-07-04
 
CVE-2019-13291

CWE-119
 

 
In Xpdf 4.01.01, there is a heap-based buffer over-read in the function DCTStream::readScan() located at Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Information Disclosure.

 
 
CVE-2019-13289

CWE-416
 

 
In Xpdf 4.01.01, there is a use-after-free vulnerability in the function JBIG2Stream::close() located at JBIG2Stream.cc. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool.

 
 
CVE-2019-13288

CWE-400
 

 
In Xpdf 4.01.01, the Parser::getObj() function in Parser.cc may cause infinite recursion via a crafted file. A remote attacker can leverage this for a DoS attack. This is similar to CVE-2018-16646.

 


Copyright 2019, cxsecurity.com

 
