Xpdf CVE Vulnerabilities & CVE List (82)

Products (CPE): — CVEs: 82

Xpdf vulnerability overview

Aggregates CVE and security vulnerability intelligence across all Xpdf-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.

Historical issues mainly involve vendor risk memory corruption and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact memory corruption, affecting vendor surface software deployment scenarios.

Vulnerability distribution trend (last 24 months)

Showing 6180 of 82 CVEs
CVE Summary Source Max CVSS EPSS % Published Updated
CVE-2018-18455 The GfxImageColorMap class in GfxState.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. [email protected] 5.5 1.14% 2018-10-18 2026-06-16
CVE-2018-18454 CCITTFaxStream::readRow() in Stream.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. [email protected] 5.5 1.22% 2018-10-18 2026-06-16
CVE-2018-16369 XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NOTE: this might overlap CVE-2018-7453. [email protected] 5.5 1.62% 2018-09-02 2026-06-16
CVE-2018-16368 SplashXPath::strokeAdjust in splash/SplashXPath.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted pdf file, as demonstrated by pdftoppm. [email protected] 5.5 1.14% 2018-09-02 2026-06-16
CVE-2018-11033 The DCTStream::readHuffSym function in Stream.cc in the DCT decoder in xpdf before 4.00 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JPEG data. [email protected] 7.8 1.28% 2018-05-13 2026-06-16
CVE-2018-8107 The JPXStream::close function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-03-13 2026-06-16
CVE-2018-8106 The JPXStream::readTilePartData function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-03-13 2026-06-16
CVE-2018-8105 The JPXStream::fillReadBuf function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-03-13 2026-06-16
CVE-2018-8104 The BufStream::lookChar function in Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-03-13 2026-06-16
CVE-2018-8103 The JBIG2Stream::readGenericBitmap function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.81% 2018-03-13 2026-06-16
CVE-2018-8102 The JBIG2MMRDecoder::getBlackCode function in JBIG2Stream.cc in xpdf 4.00 allows attackers to launch denial of service (buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-03-13 2026-06-16
CVE-2018-8101 The JPXStream::inverseTransformLevel function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer over-read and application crash) via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-03-13 2026-06-16
CVE-2018-8100 The JPXStream::readTilePart function in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a specific pdf file, as demonstrated by pdftohtml. [email protected] 7.8 0.93% 2018-03-13 2026-06-16
CVE-2018-7455 An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-02-24 2026-06-16
CVE-2018-7454 A NULL pointer dereference in XFAForm::scanFields in XFAForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-02-24 2026-06-16
CVE-2018-7453 Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml. [email protected] 5.5 0.92% 2018-02-24 2026-06-16
CVE-2018-7452 A NULL pointer dereference in JPXStream::fillReadBuf in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml. [email protected] 5.5 0.80% 2018-02-24 2026-06-16
CVE-2018-7175 An issue was discovered in xpdf 4.00. A NULL pointer dereference in readCodestream allows an attacker to cause denial of service via a JPX image with zero components. [email protected] 5.5 0.84% 2018-02-15 2026-06-16
CVE-2018-7174 An issue was discovered in xpdf 4.00. An infinite loop in XRef::Xref allows an attacker to cause denial of service because loop detection exists only for tables, not streams. [email protected] 5.5 0.85% 2018-02-15 2026-06-16
CVE-2018-7173 A large loop in JBIG2Stream::readSymbolDictSeg in xpdf 4.00 allows an attacker to cause denial of service via a specific file due to inappropriate decoding. [email protected] 5.5 0.80% 2018-02-15 2026-06-16
cvelogic Threat Intelligence