EUVD-2026-34766

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

EUVD-2026-34764

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

EUVD-2026-34765

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Low...

EUVD-2026-34767

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

CVE-2026-11307

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

CVE-2026-11306

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

CVE-2026-11303

Concisely: Affects Google Chrome (PDFium) with a use-after-free in PDFium when handling crafted PDFs, enabling remote code execution inside the sandbox. Vulnerable in Chrome versions prior to 149.0.7827.53; mitigation is to upgrade to 149.0.7827.53 or later. No exploitation/weaponization details ...

CVE-2026-11169

Inappropriate implementation in XML in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted XML file. Chromium security severity: Medium...

PT-2026-46831

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Low...

DEBIAN-CVE-2026-10002

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVE-2026-10002

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVE-2026-9958

Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

OPENSUSE-SU-2026:20831-1 Security update for python-Pillow

This update for python-Pillow fixes the following issues - CVE-2026-42308: integer overflow in font processing can lead to denial of service bsc1265359. - CVE-2026-42309: heap buffer overflow when processing nested list coordinates bsc1265153. - CVE-2026-42310: infinite loop and resource exhausti...

USN-8321-1: Papers vulnerability

It was discovered that Papers incorrectly handled PDF /GoToR actions. If a user were tricked into opening a specially crafted PDF file, an attacker could use this issue to manipulate command lines and possibly execute arbitrary code...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of PDF files after their release, potentially allowing remote attackers to execute arbitrary code with...

EUVD-2026-31812

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...

OPENSUSE-SU-2026:20794-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-41312: Fixed issue where crafed PDF can lead to resources exhaustion bsc1262675 - CVE-2026-41314: Fixed a denial of service via manipulated FlateDecode image dimensions can lead to RAM exhaustion...

[SECURITY] [DSA 6286-1] evince security update

------------------------------------------------------------------------- Debian Security Advisory DSA-6286-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso May 21, 2026 https://www.debian.org/security/faq -...

Astra Linux - уязвимость в ghostscript

A heap-based buffer overwrite vulnerability was discovered in the lp8000printpage function of GhostScript, located in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a specially crafted PDF file, triggering a heap buffer overflow that could lead to memory corruption...

ROS-20260520-73-0023

A vulnerability in the PDFium component of Google Chrome and Microsoft Edge browsers is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...