CVE Tools

glyph & cog

OSS Librariesoss-project

2

Cumulative CVEs

1

Monthly snapshots

#31

Peak rank

Top products

Latest CVEs

The 12 most recently published vulnerabilities affecting glyph & cog.

CVE-2025-2574Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking2.9Mar 20, 2025
CVE-2024-7868Uninitialized variable in Xpdf 4.05 due to invalid JPEG header8.2Aug 15, 2024
CVE-2022-48545An infinite recursion in Catalog::findDestInTree can cause denial of service for xpdf 4.02.5.5Aug 22, 2023
CVE-2022-41844An issue was discovered in Xpdf 4.04. There is a crash in XRef::fetch(int, int, Object*, int) in xpdf/XRef.cc, a different vulnerability than CVE-2018-16369 and CVE-2019-16088.5.5Sep 30, 2022
CVE-2022-36561XPDF v4.0.4 was discovered to contain a segmentation violation via the component /xpdf/AcroForm.cc:538.5.5Aug 30, 2022
CVE-2022-38171Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in JBIG2Stream.cc). Processing a specially crafted PDF file or JBIG2 image could lead ...7.8Aug 22, 2022
CVE-2020-25725In Xpdf 4.02, SplashOutputDev::endType3Char(GfxState *state) SplashOutputDev.cc:3079 is trying to use the freed `t3GlyphStack->cache`, which causes an `heap-use-after-free` problem. The codes of a ...5.0Nov 21, 2020
CVE-2019-10018An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.5.5Mar 24, 2019
CVE-2018-16369XRef::fetch in XRef.cc in Xpdf 4.00 allows remote attackers to cause a denial of service (stack consumption) via a crafted pdf file, related to AcroForm::scanField, as demonstrated by pdftohtml. NO...5.5Sep 3, 2018
CVE-2018-7453Infinite recursion in AcroForm::scanField in AcroForm.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file due to lack of loop checking, as demonstrated by pdftohtml.5.5Feb 24, 2018
CVE-2010-3702The Gfx::getPos function in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, CUPS, kdegraphics, and possibly other products allows context-dependent at...7.5Nov 5, 2010
CVE-2010-3704The FoFiType1::parse function in fofi/FoFiType1.cc in the PDF parser in xpdf before 3.02pl5, poppler 0.8.7 and possibly other versions up to 0.15.1, kdegraphics, and possibly other products allows ...6.8Nov 5, 2010