Lucene search
K

476 matches found

RedhatCVE
RedhatCVE
added 4 days ago10 views

CVE-2026-59938

A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file with image size values that are significantly larger than the actual embedded image data, causing pypdf to allocate large amounts of memory when...

6.9CVSS6AI score0.00303EPSS
Exploits0References7
NVD
NVD
added 6 days ago10 views

CVE-2026-57259

The input file does not need to be strictly in a structurally valid PDF format. Instead, after reviewing the content, the original document disguised as a PDF will be sent to the parser. Malicious documents will construct malicious external entities that, through the protocol, point to local path...

6.5CVSS0.00205EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/25 5:24 p.m.7 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS7.3AI score0.00252EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.6 views

Amazon Linux 2023 : poppler, poppler-cpp, poppler-cpp-devel (ALAS2023-2026-1852)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1852 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/11 6:59 p.m.28 views

CVE-2026-45802 FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

6CVSS0.00259EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/11 6:59 p.m.10 views

CVE-2026-45802 FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. Prior to version 2.6.7, an attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script...

6CVSS5.3AI score0.00259EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 8:17 p.m.9 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS0.00529EPSS
Exploits1References17
AlpineLinux
AlpineLinux
added 2026/06/10 7:46 p.m.13 views

CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

8.4CVSS6.5AI score0.00529EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.12 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.4AI score0.0024EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 5:16 p.m.18 views

DEBIAN-CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6AI score0.00252EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.10 views

Astra Linux – Vulnerability in Poppler

A flaw was discovered in Poppler regarding the way certain PDF files are converted into HTML format. A remote attacker could exploit this flaw by providing a malicious PDF file. When such a file is processed by the ‘pdftohtml’ program, it could cause the application to crash, resulting in a denia...

7.5CVSS7.8AI score0.02174EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2026/05/19 7:56 p.m.18 views

FPDI: Memory Exhaustion and Endless Loop in FPDI leads to Denial of Service

Impact This is a significant Denial of Service DoS vulnerability. Any application that uses FPDI to process user-supplied PDF files is at risk. An attacker can upload a small, malicious PDF file that will cause the server-side script to crash due to memory exhaustion or a script time-out. Repeate...

6CVSS5.8AI score0.00259EPSS
Exploits0References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.19 views

PT-2026-42033

Name of the Vulnerable Software and Affected Versions FPDI versions prior to 2.6.7 Description FPDI is a collection of PHP classes used to read pages from existing PDF documents to serve as templates in FPDF. A Denial of Service DoS issue exists where an attacker can upload a small, malicious PDF...

6CVSS5.5AI score0.00259EPSS
Exploits0References7
SUSE CVE
SUSE CVE
added 2026/05/13 2:22 p.m.9 views

SUSE CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

7.5CVSS5.7AI score0.00126EPSS
Exploits0References6
UbuntuCve
UbuntuCve
added 2026/05/09 6:16 a.m.11 views

CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References4
NVD
NVD
added 2026/04/28 9:16 a.m.8 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS0.0024EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/28 7:31 a.m.6 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS5.2AI score0.0024EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/28 7:31 a.m.29 views

CVE-2026-40980

In Spring AI, a malicious PDF file can be crafted that triggers the allocation of unreasonable amounts of memory when handled by ForkPDFLayoutTextStripper. Affected versions: Spring AI: 1.0.0 - 1.0.5 fixed in 1.0.6, 1.1.0 - 1.1.4 fixed in 1.1.5...

6.5CVSS0.0024EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/25 11:9 a.m.5 views

CVE-2026-41312

A flaw was found in pypdf. An attacker can craft a malicious PDF file containing a specially compressed stream. When this file is processed, it can lead to excessive memory consumption RAM exhaustion, resulting in a Denial of Service DoS for the affected system. Mitigation Mitigation for this iss...

6.5CVSS5AI score0.00226EPSS
Exploits0References7
GithubExploit
GithubExploit
added 2026/04/13 7:23 p.m.297 views

Exploit for CVE-2026-34621

CVE-2026-34621 — Windows PoC Prototype Pollution in Adobe A...

8.6CVSS7.7AI score0.07086EPSS
Exploits4
Rows per page
Query Builder