1060 matches found
PT-2025-3066 · Cpdf · Cpdf
Name of the Vulnerable Software and Affected Versions: cpdf versions 2.8 and earlier Description: The issue allows stack consumption via a crafted PDF document. This can be achieved through a manipulated PDF document. Recommendations: For versions 2.8 and earlier, consider updating to a version...
CVE-2024-54731
cpdf through 2.8 allows stack consumption via a crafted PDF document...
CVE-2024-54731
cpdf through 2.8 allows stack consumption via a crafted PDF document...
CVE-2024-52271 PDF Document Spoofing in Documenso
User Interface UI Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only, not all...
CVE-2024-52270 PDF Document Spoofing in DropBox Sign(HelloSign)
User Interface UI Misrepresentation of Critical Information vulnerability in DropBox SignHelloSign allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed e.g. via Google Chrome - Examine the print preview: Will render the vulnerability only...
CVE-2024-52298 macro-pdfviewer's preview in WYSIWYG editor allows accessing any PDF document as the last author
macro-pdfviewer is a PDF Viewer Macro for XWiki using Mozilla pdf.js. The PDF Viewer macro allows an attacker to view any attachment using the "Delegate my view right" feature as long as the attacker can view a page whose last author has access to the attachment. For this, the attacker only needs...
Foxit Reader checkbox Calculate use-after-free vulnerability
Talos Vulnerability Report TALOS-2024-1967 Foxit Reader checkbox Calculate use-after-free vulnerability October 2, 2024 CVE Number CVE-2024-28888 SUMMARY A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a checkbox field object. A specially crafted Javascript co...
New macOS Malware TodoSwift Linked to North Korean Hacking Groups
Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea DPRK —...
Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability
Talos Vulnerability Report TALOS-2024-2009 Adobe Acrobat Reader AV3DVirtAnnot Object Format Event Use-After-Free Vulnerability August 13, 2024 CVE Number CVE-2024-41830 SUMMARY A use-after-free vulnerability exists in the AV3DVirtAnnot functionality of Adobe Acrobat Reader 2024.002.20759. A...
PYSEC-2024-65
Roundup before 2.4.0 allows XSS via JavaScript in PDF, XML, and SVG documents...
CVE-2024-33864
An issue was discovered in linqi before 1.4.0.1 on Windows. There is SSRF via Document template generation; i.e., via remote images in process creation, file inclusion, and PDF document generation via malicious JavaScript...
CVE-2024-33864
The CVE-2024-33864 entry covers a vulnerability in linqi prior to 1.4.0.1 on Windows that enables SSRF via Document template generation, including the use of remote images during process creation, file inclusion, and PDF document generation through malicious JavaScript. Affected component behavio...
CVE-2024-25938
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2024-25575
A type confusion vulnerability vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An...
CVE-2024-25648
A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and result in arbitrary code execution. A...
CVE-2024-25575
Foxit Reader CVE-2024-25575 is a type-confusion vulnerability in the Lock object’s fields handling. Talos documents a type-confusion in Foxit Reader 2024.1.0.23997 that can cause memory corruption and arbitrary code execution via JavaScript in malicious PDFs or a crafted site when the browser plu...
CVE-2024-4327
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
CVE-2024-4327
The CVE-2024-4327 entry concerns Apryse WebViewer (up to 10.8.0). Affected component: the PDF Document Handler, where a cross-site scripting flaw has been identified. Root cause: improper handling in this component enables malicious input to execute in the context of a user session. Impact: remot...
CVE-2024-4327 Apryse WebViewer PDF Document cross site scripting
A vulnerability was found in Apryse WebViewer up to 10.8.0. It has been classified as problematic. This affects an unknown part of the component PDF Document Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to...
Apryse WebViewer 跨站脚本漏洞
Apryse WebViewer is a web browser from Apryse Corporation. A cross-site scripting vulnerability exists in Apryse WebViewer version 10.8.0, which stems from the component PDF Document Handler that causes cross-site scripting...