Package details: pkg:ebuild/app-text/xpdf@4.05
purl pkg:ebuild/app-text/xpdf@4.05
Vulnerabilities affecting this package (0)
Vulnerability Summary Fixed by
This package is not known to be affected by vulnerabilities.
Vulnerabilities fixed by this package (21)
Vulnerability Summary Aliases
VCID-1c9r-2zsk-aaad Stack overflow vulnerability in function Dict::find in xpdf/Dict.cc in xpdf 4.04, allows local attackers to cause a denial of service. CVE-2022-45586
VCID-1gb1-94wr-aaaf XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393. CVE-2022-38928
VCID-23ar-va43-aaar An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088. CVE-2022-41844
VCID-2c8j-v49s-aaac In Xpdf 4.04 (and earlier), a PDF object loop in the embedded file tree leads to infinite recursion and a stack overflow. CVE-2023-2664
VCID-2mk4-bhs6-aaap An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928. CVE-2022-41843
VCID-2s9j-3pt1-aaah XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. CVE-2018-16369
VCID-361m-ab7e-aaas xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option. CVE-2022-30775
VCID-71b1-cyyf-aaah XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538. CVE-2022-36561
VCID-aa5e-qwu4-aaas In Xpdf 4.04 (and earlier), a PDF object loop in the page label tree leads to infinite recursion and a stack overflow. CVE-2023-2663
VCID-b5th-1gfr-aaab XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files. CVE-2022-33108
VCID-ehvz-yykp-aaaa XPDF v4.04 was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc. CVE-2022-38334
VCID-eyva-cpym-aaah Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. CVE-2018-7453
VCID-jg91-shz4-aaak An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc. CVE-2022-41842
VCID-q77v-deds-aaag There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact. CVE-2022-38222
VCID-re1n-4etj-aaaq A stack overflow in the Catalog::readPageLabelTree2(Object*) function of XPDF v4.04 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. CVE-2022-43071
VCID-u13t-6kxv-aaak XPDF v4.04 was discovered to contain a stack overflow via the function FileStream::copy() at xpdf/Stream.cc:795. CVE-2022-43295
VCID-untc-edfj-aaaf An excessively large PDF page size (found in fuzz testing, unlikely in normal PDF files) can result in a divide-by-zero in Xpdf's text extraction code. This is related to CVE-2022-30524, but the problem here is caused by a very large page size, rather than by a very large character coordinate. CVE-2023-3044
VCID-v48m-839z-aaas Xpdf 4.04 will deadlock on a PDF object stream whose "Length" field is itself in another object stream. CVE-2023-3436
VCID-w4ye-ycys-aaah Stack overflow vulnerability in function gmalloc in goo/gmem.cc in xpdf 4.04, allows local attackers to cause a denial of service. CVE-2022-45587
VCID-wt7n-3qa6-aaad In Xpdf 4.04 (and earlier), a bad color space object in the input PDF file can cause a divide-by-zero. CVE-2023-2662
VCID-xf1b-4f98-aaan There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by (for example) sending a crafted pdf file to the pdftotext binary, which allows a remote attacker to cause a Denial of Service (Segmentation fault) or possibly have unspecified other impact. CVE-2022-30524

Date Actor Action Vulnerability Source VulnerableCode Version
2024-09-25T07:52:19.795181+00:00 Gentoo Importer Fixing VCID-v48m-839z-aaas https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.780184+00:00 Gentoo Importer Fixing VCID-untc-edfj-aaaf https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.765472+00:00 Gentoo Importer Fixing VCID-2c8j-v49s-aaac https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.751491+00:00 Gentoo Importer Fixing VCID-aa5e-qwu4-aaas https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.736495+00:00 Gentoo Importer Fixing VCID-wt7n-3qa6-aaad https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.721441+00:00 Gentoo Importer Fixing VCID-w4ye-ycys-aaah https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.707165+00:00 Gentoo Importer Fixing VCID-1c9r-2zsk-aaad https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.691890+00:00 Gentoo Importer Fixing VCID-u13t-6kxv-aaak https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.673252+00:00 Gentoo Importer Fixing VCID-re1n-4etj-aaaq https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.654175+00:00 Gentoo Importer Fixing VCID-23ar-va43-aaar https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.637756+00:00 Gentoo Importer Fixing VCID-2mk4-bhs6-aaap https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.618588+00:00 Gentoo Importer Fixing VCID-jg91-shz4-aaak https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.600999+00:00 Gentoo Importer Fixing VCID-1gb1-94wr-aaaf https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.583992+00:00 Gentoo Importer Fixing VCID-ehvz-yykp-aaaa https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.567183+00:00 Gentoo Importer Fixing VCID-q77v-deds-aaag https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.547592+00:00 Gentoo Importer Fixing VCID-71b1-cyyf-aaah https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.529875+00:00 Gentoo Importer Fixing VCID-b5th-1gfr-aaab https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.512969+00:00 Gentoo Importer Fixing VCID-361m-ab7e-aaas https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.493687+00:00 Gentoo Importer Fixing VCID-xf1b-4f98-aaan https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.473820+00:00 Gentoo Importer Fixing VCID-2s9j-3pt1-aaah https://security.gentoo.org/glsa/202409-25 34.0.1
2024-09-25T07:52:19.447480+00:00 Gentoo Importer Fixing VCID-eyva-cpym-aaah https://security.gentoo.org/glsa/202409-25 34.0.1