A stack-based buffer over-read exists in PostScriptFunction::transform in Function.cc in Xpdf 4.01.01 because GfxSeparationColorSpace and GfxDeviceNColorSpace mishandle tint transform functions. It can, for example, be triggered by sending a crafted PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data.

A stack-based buffer over-read exists in FoFiTrueType::dumpString in fofi/FoFiTrueType.cc in Xpdf 4.01.01. It can, for example, be triggered by sending crafted TrueType data in a PDF document to the pdftops tool. It might allow an attacker to cause Denial of Service or leak memory data into dump content.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PSOutputDev::checkPageSlice at PSOutputDev.cc for nStripes.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec in Function.cc for the psOpRoll case.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpMod case.

An issue was discovered in Xpdf 4.01.01. There is a NULL pointer dereference in the function Gfx::opSetExtGState in Gfx.cc.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nComps.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function PostScriptFunction::exec at Function.cc for the psOpIdiv case.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function Splash::scaleImageYuXu at Splash.cc for y Bresenham parameters.

An issue was discovered in Xpdf 4.01.01. There is an FPE in the function ImageStream::ImageStream at Stream.cc for nBits.