Headline
CVE-2022-41842: Download Xpdf and XpdfReader
An issue was discovered in Xpdf 4.04. There is a crash in gfseek(_IO_FILE*, long, int) in goo/gfile.cc.
Current version: 4.04
Released: 2022 Apr 18
The GPG/PGP key used to sign the packages is available here, or from the PGP keyservers (search for [email protected]).
Download XpdfReader:
- Linux 32-bit: download (GPG signature)
- Linux 64-bit: download (GPG signature)
- Windows 32-bit (Win 7 and newer): download (GPG signature)
- Windows 64-bit (Win 7 and newer): download (GPG signature)
Download the Xpdf command line tools:
- Linux 32/64-bit: download (GPG signature)
- Windows 32/64-bit (Win 7 and newer): download (GPG signature)
- Mac 64-bit: download (GPG signature)
Download the Xpdf source code:
- source code (GPG signature)
- fixed URL for latest version (for automated mirroring, etc.)
- Apache-licensed modules (GPG signature)
- old versions
Download fonts:
- Type 1 fonts - Symbol and Zapf Dingbats
Download language support packages for Xpdf:
- Arabic [updated 2011-Aug-15]
- Chinese/simplified [updated 2020-Dec-22]
- Chinese/traditional [updated 2020-Dec-22]
- Cyrillic [updated 2011-Aug-15]
- Greek [updated 2011-Aug-15]
- Hebrew [updated 2011-Aug-15]
- Japanese [updated 2020-Dec-22]
- Korean [updated 2020-Dec-22]
- Latin2 [updated 2011-Aug-15]
- Thai [updated 2011-Aug-15]
- Turkish [updated 2011-Aug-15]
Xpdf and XpdfReader use the following open source libraries:
- Qt - download Qt 5.9.7
- FreeType - download FreeType 2.12.0
- libpng - download libpng 1.6.35
- zlib - download zlib 1.2.12
- Little CMS - download lcms 2.12
Related news
Gentoo Linux Security Advisory 202409-25
Gentoo Linux Security Advisory 202409-25 - Multiple vulnerabilities have been found in Xpdf, the worst of which could result in denial of service. Versions greater than or equal to 4.05 are affected.