Xpdfreader >> Xpdf >> 4.04 Security Vulnerabilities
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
CVSS Score: 5.5 | EPSS Score: 0.002 | Published: 2022-09-30
An issue was discovered in Xpdf 4.04. There is a crash in convertToType0 in fofi/FoFiType1C.cc, a different vulnerability than CVE-2022-38928.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-09-30
An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-30
There is a use-after-free issue in JBIG2Stream::close() located in JBIG2Stream.cc in Xpdf 4.04. It can be triggered by sending a crafted PDF file to (for example) the pdfimages binary. It allows an attacker to cause Denial of Service or possibly have unspecified other impact.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-29
XPDF 4.04 is vulnerable to Null Pointer Dereference in FoFiType1C.cc:2393.
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-09-21
XPDF v4.04 and earlier was discovered to contain a stack overflow via the function Catalog::countPageTree() at Catalog.cc.
CVSS Score: 5.5 | EPSS Score: 0.0 | Published: 2022-09-15
XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.
CVSS Score: 5.5 | EPSS Score: 0.001 | Published: 2022-08-30
Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by CVE-2021-30860 (Apple CoreGraphics).
CVSS Score: 7.8 | EPSS Score: 0.001 | Published: 2022-08-22
XPDF v4.04 was discovered to contain a stack overflow vulnerability via the Object::Copy class of object.cc files.
CVSS Score: 7.8 | EPSS Score: 0.002 | Published: 2022-06-28
xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by (for example) sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the DCMAKE_CXX_COMPILER=afl-clang-fast++ option.
CVSS Score: 5.5 | EPSS Score: 0.003 | Published: 2022-05-16

