Summary
Detail | | | |
---|---|---|---|
Vendor | Xpdf | First view | 2000-10-20 |
Product | Xpdf | Last view | 2009-12-21 |
Version | | Type | Application |
Update | | | |
Edition | | | |
Language | | | |
Software Edition | | | |
Target Software | | | |
Target Hardware | | | |
Other | | | |
Activity : Overall
COMMON PLATFORM ENUMERATION: Repartition per Version
Related : CVE
CVSS | Date | Alert | Description |
---|---|---|---|
9.3 | 2009-12-21 | CVE-2009-4035 | The FoFiType1::parse function in fofi/FoFiType1.cc in Xpdf 3.0.0, gpdf 2.8.2, kpdf in kdegraphics 3.3.1, and possibly other libraries and versions, does not check the return value of the getNextLine function, which allows context-dependent attackers to execute arbitrary code via a PDF file with a crafted Type 1 font that can produce a negative value, leading to a signed-to-unsigned integer conversion error and a buffer overflow. |
9.3 | 2007-11-07 | CVE-2007-5393 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a PDF file that contains a crafted CCITTFaxDecode filter. |
9.3 | 2007-11-07 | CVE-2007-5392 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.02p11 allows remote attackers to execute arbitrary code via a crafted PDF file, resulting in a heap-based buffer overflow. |
7.6 | 2007-11-07 | CVE-2007-4352 | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file. |
6.8 | 2007-01-08 | CVE-2007-0104 | The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file with a (1) crafted catalog dictionary or (2) a crafted Pages attribute that references an invalid page tree node. |
7.6 | 2006-03-15 | CVE-2006-1244 | Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature. |
7.5 | 2006-03-08 | CVE-2006-0746 | Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627. |
7.5 | 2006-01-30 | CVE-2006-0301 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. |
7.5 | 2005-12-31 | CVE-2005-3628 | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. |
7.5 | 2005-12-31 | CVE-2005-3627 | Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. |
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
7.5 | 2005-12-07 | CVE-2005-3192 | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitrary code via a PDF file with an out-of-range numComps (number of components) field. |
5.1 | 2005-12-06 | CVE-2005-3193 | Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with large size values that cause insufficient memory to be allocated. |
5.1 | 2005-12-06 | CVE-2005-3191 | Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KDE kpdf, (d) pdftohtml, (e) KOffice KWord, (f) CUPS, and (g) libextractor allow user-assisted attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via a crafted PDF file with an out-of-range number of components (numComps), which is used as an array index. |
2.1 | 2005-08-16 | CVE-2005-2097 | xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken" loca table, which causes a large temporary file to be created when xpdf attempts to reconstruct the information. |
7.5 | 2005-05-02 | CVE-2005-0064 | Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value. |
7.5 | 2005-04-27 | CVE-2005-0206 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. |
10 | 2005-01-27 | CVE-2004-0889 | Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. |
10 | 2005-01-27 | CVE-2004-0888 | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. |
9.3 | 2005-01-10 | CVE-2004-1125 | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. |
7.5 | 2003-07-24 | CVE-2003-0434 | Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink. |
7.2 | 2003-01-02 | CVE-2002-1384 | Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf. |
7.2 | 2000-10-20 | CVE-2000-0728 | xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
53% (7) | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
15% (2) | CWE-399 | Resource Management Errors |
15% (2) | CWE-20 | Improper Input Validation |
7% (1) | CWE-189 | Numeric Errors |
7% (1) | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
CAPEC : Common Attack Pattern Enumeration & Classification
id | Name |
---|---|
CAPEC-47 | Buffer Overflow via Parameter Expansion |
Oval Markup Language : Definitions
OvalID | Name |
---|---|
oval:org.mitre.oval:def:664 | Code Execution Vulnerability in XPDF PDF Viewer |
oval:org.mitre.oval:def:9714 | Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use x... |
oval:org.mitre.oval:def:10830 | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and oth... |
oval:org.mitre.oval:def:11781 | Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and oth... |
oval:org.mitre.oval:def:11107 | The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-... |
oval:org.mitre.oval:def:10280 | xpdf and kpdf do not properly validate the "loca" table in PDF files, which a... |
oval:org.mitre.oval:def:9760 | Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF... |
oval:org.mitre.oval:def:10914 | Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as u... |
oval:org.mitre.oval:def:11440 | Heap-based buffer overflow in the JPXStream::readCodestream function in the J... |
oval:org.mitre.oval:def:9437 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf... |
oval:org.mitre.oval:def:9575 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
oval:org.mitre.oval:def:9992 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS... |
oval:org.mitre.oval:def:10200 | Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler... |
oval:org.mitre.oval:def:10287 | Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in... |
oval:org.mitre.oval:def:10850 | Heap-based buffer overflow in Splash.cc in xpdf, as used in other products su... |
oval:org.mitre.oval:def:11441 | Certain patches for kpdf do not include all relevant patches from xpdf that w... |
oval:org.mitre.oval:def:9979 | Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/St... |
oval:org.mitre.oval:def:10036 | Integer overflow in the DCTStream::reset method in xpdf/Stream.cc in Xpdf 3.0... |
oval:org.mitre.oval:def:9839 | Heap-based buffer overflow in the CCITTFaxStream::lookChar method in xpdf/Str... |
oval:org.mitre.oval:def:7985 | DSA-1537 xpdf -- several vulnerabilities |
oval:org.mitre.oval:def:7858 | DSA-1509 koffice -- multiple vulnerabilities |
oval:org.mitre.oval:def:7107 | DSA-1480 poppler -- several vulnerabilities |
oval:org.mitre.oval:def:20264 | DSA-1408-1 kdegraphics - buffer overflow with arbitrary code execution |
oval:org.mitre.oval:def:20193 | DSA-1480-1 poppler - several vulnerabilities |
oval:org.mitre.oval:def:18702 | DSA-1509-1 koffice - multiple vulnerabilities |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
61207 | KDE KPDF xpdf/fofi/FoFiType1.cc FoFiType1::parse() Function Overflow |
44330 | CUPS on Red Hat 64-bit pdftops Crafted PDF File Handling Overflow |
39543 | Xpdf xpdf/Stream.cc CCITTFaxStream::lookChar Method PDF Handling Overflow |
39542 | Xpdf xpdf/Stream.cc DCTStream::reset Method PDF Handling Memory Corruption |
39541 | Xpdf xpdf/Stream.cc DCTStream::readProgressiveDataUnit Method PDF Handling Me... |
32871 | Multiple Products Adobe PDF Specification Invalid Tree Node DoS |
32870 | Multiple Products Adobe PDF Specification Malformed Catalog Dictionary DoS |
23834 | Multiple Products Xpdf/kpdf Multiple Unspecified Issues |
23833 | KDE kpdf Patch Regression Weakness |
22833 | Multiple Products Xpdf/kpdf Splash Image Dimension Field Overflow |
22821 | Multiple Products Xpdf/kpdf JBIG2Stream.cc JBIG2Bitmap::JBIG2Bitmap Function ... |
22236 | Multiple Products Xpdf/kpdf Stream.cc DCTDecode Stream Processing Multiple Fu... |
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
21463 | Multiple Products Xpdf/kpdf JPXStream.cc JPXStream::readCodestream Function O... |
21462 | Multiple Products Xpdf/kpdf StreamPredictor Function numComps Field Overflow DoS |
18693 | GNOME gpdf Temporary File Disk Space Consumption DoS |
18667 | KDE kpdf Temporary File Disk Space Consumption DoS |
18666 | Xpdf Temporary File Disk Space Consumption DoS |
16894 | Xpdf Integer Overflow Patch 64 Bit Architecture Failure |
13149 | Xpdf Multiple Unspecified Remote Overflows |
13050 | Xpdf Decrypt::makeFileKey2() keyLength Overflow |
12554 | Multiple Vendor pdf Gfx::doImage() Function Overflow |
11034 | Xpdf Page Size Remote Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2011-08-09 | Name : CentOS Update for xpdf CESA-2009:1680 centos4 i386 File : nvt/gb_CESA-2009_1680_xpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for gpdf CESA-2009:1681 centos4 i386 File : nvt/gb_CESA-2009_1681_gpdf_centos4_i386.nasl |
2011-08-09 | Name : CentOS Update for kdegraphics CESA-2009:1682 centos4 i386 File : nvt/gb_CESA-2009_1682_kdegraphics_centos4_i386.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1680 File : nvt/RHSA_2009_1680.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1681 File : nvt/RHSA_2009_1681.nasl |
2009-12-30 | Name : RedHat Security Advisory RHSA-2009:1682 File : nvt/RHSA_2009_1682.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1680 (xpdf) File : nvt/ovcesa2009_1680.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1681 (gpdf) File : nvt/ovcesa2009_1681.nasl |
2009-12-30 | Name : CentOS Security Advisory CESA-2009:1682 (kdegraphics) File : nvt/ovcesa2009_1682.nasl |
2009-10-13 | Name : SLES10: Security update for kdegraphics3-pdf File : nvt/sles10_kdegraphics3-pd.nasl |
2009-10-13 | Name : SLES10: Security update for xpdf File : nvt/sles10_xpdf1.nasl |
2009-10-10 | Name : SLES9: Security update for cups File : nvt/sles9p5011363.nasl |
2009-10-10 | Name : SLES9: Security update for cups File : nvt/sles9p5012225.nasl |
2009-10-10 | Name : SLES9: Security update for CUPS File : nvt/sles9p5014529.nasl |
2009-10-10 | Name : SLES9: Security update for Cups File : nvt/sles9p5016608.nasl |
2009-10-10 | Name : SLES9: Security update for Cups File : nvt/sles9p5020714.nasl |
2009-04-09 | Name : Mandriva Update for koffice MDKSA-2007:018 (koffice) File : nvt/gb_mandriva_MDKSA_2007_018.nasl |
2009-04-09 | Name : Mandriva Update for pdftohtml MDKSA-2007:019 (pdftohtml) File : nvt/gb_mandriva_MDKSA_2007_019.nasl |
2009-04-09 | Name : Mandriva Update for poppler MDKSA-2007:020 (poppler) File : nvt/gb_mandriva_MDKSA_2007_020.nasl |
2009-04-09 | Name : Mandriva Update for xpdf MDKSA-2007:021 (xpdf) File : nvt/gb_mandriva_MDKSA_2007_021.nasl |
2009-04-09 | Name : Mandriva Update for tetex MDKSA-2007:022 (tetex) File : nvt/gb_mandriva_MDKSA_2007_022.nasl |
2009-04-09 | Name : Mandriva Update for kdegraphics MDKSA-2007:024 (kdegraphics) File : nvt/gb_mandriva_MDKSA_2007_024.nasl |
2009-04-09 | Name : Mandriva Update for xpdf MDKSA-2007:219 (xpdf) File : nvt/gb_mandriva_MDKSA_2007_219.nasl |
2009-04-09 | Name : Mandriva Update for kdegraphics MDKSA-2007:221 (kdegraphics) File : nvt/gb_mandriva_MDKSA_2007_221.nasl |
2009-04-09 | Name : Mandriva Update for koffice MDKSA-2007:222 (koffice) File : nvt/gb_mandriva_MDKSA_2007_222.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222-community - Type : SERVER-WEBAPP - Revision : 20 |
2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222 - Type : SERVER-WEBAPP - Revision : 20 |
2014-01-10 | Adobe Acrobat Reader PDF Catalog Handling denial of service attempt RuleID : 17361 - Type : FILE-PDF - Revision : 16 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-02-18 | Name: The remote Gentoo host is missing one or more security-related patches. File: gentoo_GLSA-201402-17.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1022.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1023.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1024.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2007-1025.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1026.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1027.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2007-1028.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2007-1029.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2007-1030.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2008-0206.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2009-1680.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing a security update. File: oraclelinux_ELSA-2009-1681.nasl - Type: ACT_GATHER_INFO |
2013-07-12 | Name: The remote Oracle Linux host is missing one or more security updates. File: oraclelinux_ELSA-2009-1682.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-041.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-042.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing a security update. File: mandrake_MDKSA-2005-043.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-044.nasl - Type: ACT_GATHER_INFO |
2012-09-06 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2005-056.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20071107_cups_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20071107_cups_on_SL5_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing a security update. File: sl_20071107_gpdf_on_SL4_x.nasl - Type: ACT_GATHER_INFO |
2012-08-01 | Name: The remote Scientific Linux host is missing one or more security updates. File: sl_20071107_poppler_on_SL5_x.nasl - Type: ACT_GATHER_INFO |