Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor Xpdf Subscribe
Total 26 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3192 1 Xpdf 1 Xpdf 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field.
CVE-2005-3626 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2023-12-10 5.0 MEDIUM N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2000-0727 1 Xpdf 1 Xpdf 2023-12-10 7.6 HIGH N/A
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.
CVE-2000-0728 1 Xpdf 1 Xpdf 2023-12-10 7.2 HIGH N/A
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-0434 4 Adobe, Mandrakesoft, Redhat and 1 more 7 Acrobat, Mandrake Linux, Mandrake Linux Corporate Server and 4 more 2023-12-10 7.5 HIGH N/A
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
CVE-2002-1384 2 Easy Software Products, Xpdf 2 Cups, Xpdf 2023-12-10 7.2 HIGH N/A
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.