VulnerableCode Package Details - pkg:deb/ubuntu/xpdf@3.02-9

Search for packages

Package details: pkg:deb/ubuntu/xpdf@3.02-9

Essentials
History (0)

purl	pkg:deb/ubuntu/xpdf@3.02-9

Next non-vulnerable version	3.04-13
Latest non-vulnerable version	3.04-13
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-1ect-mzfh-aaaf Aliases: CVE-2010-3703	The PostScriptFunction::PostScriptFunction function in poppler/Function.cc in the PDF parser in poppler 0.8.7 and possibly other versions up to 0.15.1, and possibly other products, allows context-dependent attackers to cause a denial of service (crash) via a PDF file that triggers an uninitialized pointer dereference.	3.02-12ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-69fm-uk54-aaaa Aliases: CVE-2018-18650	An issue was discovered in Xpdf 4.00. XRef::readXRefStream in XRef.cc allows attackers to launch a denial of service (Integer Overflow) via a crafted /Size value in a pdf file, as demonstrated by pdftohtml. This is mainly caused by the program attempting a malloc operation for a large amount of memory.	3.04-13 Affected by 0 other vulnerabilities.
VCID-qbky-5grj-aaah Aliases: CVE-2010-3702	The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) via unknown vectors that trigger an uninitialized pointer dereference.	3.02-12ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-yjws-ku6g-aaaa Aliases: CVE-2018-18651	An issue was discovered in Xpdf 4.00. catalog->getNumPages() in AcroForm.cc allows attackers to launch a denial of service (hang caused by large loop) via a specific pdf file, as demonstrated by pdftohtml. This is mainly caused by a large number after the /Count field in the file.	3.04-13 Affected by 0 other vulnerabilities.
VCID-zg5j-cxdf-aaac Aliases: CVE-2010-3704	The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PDF file with a crafted PostScript Type1 font that contains a negative array index, which bypasses input validation and triggers memory corruption.	3.02-12ubuntu1 Affected by 2 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}

Vulnerabilities fixed by this package (1)

Vulnerability	Summary	Aliases
VCID-hhtb-9zus-aaae	An integer overflow condition in poppler before 0.16.3 can occur when parsing CharCodes for fonts.	CVE-2010-4653

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version