Lucene search
K

1670 matches found

Snyk
Snyk
added 2026/05/07 12:59 a.m.6 views

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

6.9CVSS5.9AI score0.00311EPSS
Exploits1References3
GithubExploit
GithubExploit
added 2026/05/01 4:20 a.m.75 views

PDFGenerator

No d...

5.3AI score
Exploits0
CVE
CVE
added 2026/04/28 7:31 a.m.19 views

CVE-2026-40980

In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...

6.5CVSS5.2AI score0.0024EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/04/27 11:0 a.m.5 views

CVE-2026-5939

A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution...

5.5CVSS5.8AI score0.00113EPSS
Exploits0References2Affected Software2
Spring Security Advisories
Spring Security Advisories
added 2026/04/27 12:0 a.m.8 views

OOM by attacker-controlled PDF

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper . Only applications that use ForkPDFLayoutTextStripper and pass user-supplied input to DocumentReader s are affected...

6.5CVSS5.8AI score0.0024EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/04/26 10:17 p.m.6 views

CVE-2018-25279

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert...

6.9CVSS0.00123EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/26 1:19 p.m.9 views

CVE-2018-25279 jiNa OCR Image to Text 1.0 Denial of Service via PNG

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert...

6.9CVSS5.4AI score0.00123EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.7 views

PT-2026-35249

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert...

6.9CVSS5.4AI score0.00123EPSS
Exploits0References4
NVD
NVD
added 2026/04/22 9:17 p.m.5 views

CVE-2026-41168

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

6.9CVSS0.00297EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2026/04/22 8:49 p.m.7 views

CVE-2026-41168

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...

6.9CVSS5.3AI score0.00297EPSS
Exploits0
OSV
OSV
added 2026/04/16 9:30 p.m.6 views

GHSA-4PXV-J86V-MHCW pypdf: Possible long runtimes for wrong size values in incremental mode

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes from PR...

6.8CVSS5.7AI score0.00214EPSS
Exploits0References6
EUVD
EUVD
added 2026/04/16 3:31 a.m.8 views

EUVD-2026-23147

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when...

4.8CVSS5.9AI score0.00166EPSS
Exploits0References3
OSV
OSV
added 2026/04/16 2:16 a.m.4 views

DEBIAN-CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8CVSS5.5AI score0.00166EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/16 1:20 a.m.4 views

CVE-2026-40505 MuPDF mutool ANSI Injection via Metadata

MuPDF mutool does not sanitize PDF metadata fields before writing them to terminal output, allowing attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to the terminal when...

4.8CVSS5.9AI score0.00166EPSS
Exploits0References2
Fedora
Fedora
added 2026/04/16 12:56 a.m.8 views

[SECURITY] Fedora 43 Update: python-cairosvg-2.9.0-1.fc43

CairoSVG is a SVG 1.1 to PNG, PDF, PS and SVG converter which can also be used as a Python library...

7.5CVSS5.8AI score0.0049EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2026/04/15 7:4 p.m.4 views

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

7.2CVSS6.5AI score0.0031EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/15 7:4 p.m.5 views

CVE-2026-6361

Heap buffer overflow in PDFium in Google Chrome on Windows prior to 147.0.7727.101 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

6.5AI score0.0031EPSS
Exploits0References2
OSV
OSV
added 2026/04/13 1:20 p.m.8 views

JLSEC-2026-80

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIG2Stream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...

7.8CVSS6.1AI score0.75994EPSS
Exploits2References14
Malwarebytes
Malwarebytes
added 2026/04/13 11:38 a.m.11 views

Simply opening a PDF could trigger this Adobe Reader zero-day

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal. A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw a “zero‑day” in Adobe Acrobat Reader. When a vict...

8.6CVSS7.9AI score0.07086EPSS
Exploits4
OSV
OSV
added 2026/04/10 8:59 p.m.1 views

GHSA-3CRG-W4F6-42MX pypdf: Manipulated XMP metadata entity declarations can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in pypdf==6.10.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3724...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References6
Rows per page
Query Builder