Glyphandcog: >> Xpdfreader >> 4.02 Security Vulnerabilities
In Xpdf prior to 4.04, the DCT (JPEG) decoder was incorrectly allowing the 'interleaved' flag to be changed after the first scan of the image, leading to an unknown integer-related vulnerability in Stream.cc.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-30
Xpdf prior to 4.04 lacked an integer overflow check in JPXStream.cc.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-08-30
Catalog.cc in Xpdf 4.02 has a NULL pointer dereference because Catalog.pageLabels is initialized too late in the Catalog constructor.
CVSS Score
5.5
EPSS Score
0.003
Published
2019-10-01