Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Xpdf — Vulnerabilities & Security Advisories 20

Browse all 20 CVE security advisories affecting Xpdf. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Xpdf is a widely deployed suite of command-line utilities for viewing, writing, and manipulating Portable Document Format files, primarily utilized in server-side document processing pipelines. Its architecture, rooted in older C++ codebases, has historically exposed it to critical vulnerabilities, including remote code execution, buffer overflows, and use-after-free errors within PDF parsing routines. These flaws often stem from insufficient input validation and complex state management in legacy components. Security audits have identified numerous instances where crafted PDF documents could trigger arbitrary code execution or cause denial-of-service conditions. While the project maintains a focus on functionality, its age and lack of modern security-by-design principles contribute to its high vulnerability count. Administrators must treat these tools with caution, applying strict sandboxing and regular updates to mitigate risks associated with untrusted document ingestion.

Top products by Xpdf: xpdf
CVE IDTitleCVSSSeverityPublished
CVE-2026-4407 Out-of-bounds array write in Xpdf 4.06 due to missing validation — XpdfCWE-20 7.8 -2026-03-18
CVE-2025-11896 Stack overflow in Xpdf 4.05 due to object loop in PDF CMap — XpdfCWE-674 5.5AIMediumAI2025-10-16
CVE-2025-3154 Out-of-bounds array write due to invalid VerticesPerRow in Xpdf 4.05 — XpdfCWE-787 7.8AIHighAI2025-04-02
CVE-2025-2574 Out-of-bounds array write in Xpdf 4.05 due to incorrect integer overflow checking — XpdfCWE-190 7.8 -2025-03-20
CVE-2024-7868 Uninitialized variable in Xpdf 4.05 due to invalid JPEG header — XpdfCWE-457 5.5AIMediumAI2024-08-15
CVE-2024-7867 Integer overflow and divide-by-zero in Xpdf 4.05 due to bogus page box coordinates — XpdfCWE-369 5.5AIMediumAI2024-08-15
CVE-2024-7866 Stack overflow in Xpdf 4.05 due to object loop in PDF pattern — XpdfCWE-674 5.5AIMediumAI2024-08-15
CVE-2024-4976 Out-of-bounds array write in Xpdf 4.05 due to missing object type check — XpdfCWE-787 7.8AIHighAI2024-05-15
CVE-2024-4568 Stack overflow in Xpdf 4.05 due to object loop in PDF resources — XpdfCWE-674 2.9 Low2024-05-06
CVE-2024-4141 Out-of-bounds array write in Xpdf 4.05 due to incorrect bounds check — XpdfCWE-787 2.9 Low2024-04-24
CVE-2024-3900 Out-of-bounds stack array write in Xpdf 4.05 due to missing zero check — XpdfCWE-787 2.9 Low2024-04-17
CVE-2024-3248 Stack overflow in Xpdf 4.05 due to object loop in attachments — XpdfCWE-674 2.9 Low2024-04-02
CVE-2024-3247 Stack overflow in Xpdf 4.05 due to object loop in PDF object stream — XpdfCWE-674 2.9 Low2024-04-02
CVE-2024-2971 Out-of-bounds array access due to negative object numbers in indirect references in Xpdf 4.05 — XpdfCWE-787 2.9 Low2024-03-26
CVE-2023-3436 Deadlock in Xpdf 4.04 due to PDF object stream references — XpdfCWE-833 3.3 Low2023-06-27
CVE-2023-3044 Divide-by-zero in Xpdf 4.04 due to very large page size — XpdfCWE-369 3.3 Low2023-06-02
CVE-2023-2664 Stack overflow in Xpdf 4.04 due to object loop in PDF embedded file tree — XpdfCWE-674 2.9 Low2023-05-11
CVE-2023-2663 Stack overflow in Xpdf 4.04 due to object loop in PDF page label tree — XpdfCWE-674 2.9 Low2023-05-11
CVE-2023-2662 Divide-by-zero in Xpdf 4.04 due to bad color space object — XpdfCWE-369 2.9 Low2023-05-11
CVE-2010-0206 Xpdf 代码问题漏洞 — xpdf 5.5 -2019-10-30

This page lists every published CVE security advisory associated with Xpdf. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.