EUVD-2026-33694

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the reuse of resources after PDFium was released, which could allow remote attackers to exploit heap corruption...

[SECURITY] [DLA 4597-1] atril security update

Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/ Andreas Henriksson May 22, 2026 https://wiki.debian.org/LTS Package : atril Version : 1.24.0-1+deb11u2 CVE ID : CVE-2026-46529 It was discovered that atril, a simple multi-page document viewer, is pron...

Astra Linux - уязвимость в chromium

Integer overflow in PDF files in Google Chrome prior to version 110.0.5481.177 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: Medium...

Adobe Acrobat and Reader Heap-Based Buffer Overflow Vulnerability

Adobe Acrobat and Reader contain a heap-based buffer overflow vulnerability which could allow remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in PDF files in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions through a crafted PDF file. Chromium security severity: Low...

PT-2026-3024

Name of the Vulnerable Software and Affected Versions Omnispace Agora Project versions prior to 25.10 Description A file upload issue exists in Omnispace Agora Project. Attackers can potentially execute code by uploading a specially crafted PDF file. This is possible through the MSL engine of the...

CVE-2025-65783

An arbitrary file upload vulnerability in the /utils/uploadFile component of Hubert Imoveis e Administracao Ltda Hub v2.0 1.27.3 allows attackers to execute arbitrary code via uploading a crafted PDF file...

CVE-2025-66837

A file upload vulnerability in ARIS 10.0.23.0.3587512 allows attackers to execute arbitrary code via uploading a crafted PDF file/Malware...

CVE-2025-57462

MachSol MachPanel 8.0.32 is affected by a stored cross-site scripting (XSS) vulnerability exploitable through a crafted PDF file. The issue allows execution of arbitrary web scripts or HTML, as described across multiple sources (NVD, Red Hat, EUVD, CVE list, CNNVD, CNVD). CVSS 3.1 base score 6.1 ...

Umbraco CMS 安全漏洞

Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS version v16.3.3, which stems from the fact that uploading a specially crafted PDF file may result in the execution of arbitrary code...

CVE-2025-56526

Cross site scripting XSS vulnerability in Kotaemon 0.11.0 allowing attackers to execute arbitrary code via a crafted PDF...

EUVD-2025-34911

An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...

CVE-2025-56218

An arbitrary file upload vulnerability in SigningHub v8.6.8 allows attackers to execute arbitrary code via uploading a crafted PDF file...

USN-7803-1: poppler vulnerability

It was discovered that poppler incorrectly handled certain PDF files. If a user or automated system were tricked into opening a specially crafted document, a remote attacker could use this issue to cause poppler to crash, leading to a denial of service...

Linux Distros Unpatched Vulnerability : CVE-2018-20751

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in croppage in PoDoFo 0.9.6. For a crafted PDF document, pPage-GetObject-GetDictionary.AddKeyPdfNameMediaBox,var can be problematic due ...

Linux Distros Unpatched Vulnerability : CVE-2018-16647

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Artifex MuPDF 1.13.0, the pdfgetxrefentry function in pdf/pdf-xref.c allows remote attackers to cause a denial of service segmentation fault in fzwritedata i...

Linux Distros Unpatched Vulnerability : CVE-2018-6088

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafte...

Linux Distros Unpatched Vulnerability : CVE-2018-5296

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In PoDoFo 0.9.5, there is an uncontrolled memory allocation in the PdfParser::ReadXRefSubsection function base/PdfParser.cpp. Remote attackers could leverage th...

Linux Distros Unpatched Vulnerability : CVE-2014-7947

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenJPEG before r2944, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service out-of-bounds read via a...