CVE search results

21 – 30 of 109 results

Detailed view

Sort by:

CVE-2019-12958

Medium priority

Some fixes available 12 of 19

In Xpdf 4.01.01, a heap-based buffer over-read could be triggered in FoFiType1C::convertToType0 in fofi/FoFiType1C.cc when it is trying to access the second privateDicts array element, because the privateDicts array has only one...

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Fixed	Fixed	Fixed

CVE-2019-12957

Medium priority

Ignored

In Xpdf 4.01.01, a buffer over-read could be triggered in FoFiType1C::convertToType1 in fofi/FoFiType1C.cc when the index number is larger than the charset array bounds. It can, for example, be triggered by sending a crafted PDF...

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2019-12515

Medium priority

Ignored

There is an out-of-bounds read vulnerability in the function FlateStream::getChar() located at Stream.cc in Xpdf 4.01.01. It can, for example, be triggered by sending a crafted PDF document to the pdftoppm tool. It might allow an...

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2019-12493

Negligible priority

Vulnerable

A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered...

7 affected packages

texlive-bin, utopia-documents, emscripten, ipe, libextractor...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
texlive-bin	Vulnerable	Vulnerable	Vulnerable	Vulnerable
utopia-documents	Not in release	Not in release	Not in release	Not in release
emscripten	Ignored	Ignored	Not in release	Ignored
ipe	Not affected	Not affected	Not affected	Not affected
libextractor	Not affected	Not affected	Not affected	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected

CVE-2019-12360

Low priority

Vulnerable

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an...

7 affected packages

emscripten, ipe, texlive-bin, libextractor, xpdf...

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
emscripten	Ignored	Ignored	Not in release	Ignored
ipe	Not affected	Not affected	Not affected	Not affected
texlive-bin	Vulnerable	Vulnerable	Vulnerable	Vulnerable
libextractor	Not affected	Not affected	Not affected	Not affected
xpdf	Not affected	Not affected	Not in release	Not affected
poppler	Not affected	Not affected	Not affected	Not affected
utopia-documents	Not in release	Not in release	Not in release	Not in release

CVE-2019-10026

Medium priority

Ignored

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

CVE-2019-10025

Low priority

Ignored

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-10024

Low priority

Some fixes available 1 of 6

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-10022

Low priority

Ignored

An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.

4 affected packages

xpdf, ipe, libextractor, poppler

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
xpdf	—	Not affected	Not in release	Not affected
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected

CVE-2019-10020

Low priority

Some fixes available 1 of 6

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for x Bresenham parameters.

4 affected packages

ipe, libextractor, poppler, xpdf

Package	24.04 LTS	22.04 LTS	20.04 LTS	18.04 LTS
ipe	—	Not affected	Not affected	Not affected
libextractor	—	Not affected	Not affected	Not affected
poppler	—	Not affected	Not affected	Not affected
xpdf	—	Not affected	Not in release	Not affected

Export to JSON

Results by page:

Search CVE reports