302 matches found
RHEL 8 : ghostscript (RHSA-2024:4527)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:4527 advisory. The Ghostscript suite contains utilities for rendering PostScript and PDF documents. Ghostscript translates PostScript code to common bitmap formats ...
[SECURITY] Fedora 39 Update: python-reportlab-4.2.0-1.fc39
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
[SECURITY] Fedora 40 Update: python-reportlab-4.2.0-1.fc40
This is the ReportLab PDF Toolkit. It allows rapid creation of rich PDF documents, and also creation of charts in a variety of bitmap and vector formats...
Cross-Site Scripting (XSS)
tecnickcom/tcpdf is vulnerable to Cross-Site Scripting. The vulnerability is due to insecure processing of HTML content inside PDF documents, which could result in Cross-Site Scripting...
Fedora: Security Advisory (FEDORA-2024-bc7d40eb2e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 40 Update: php-tcpdf-6.7.4-1.fc40
PHP class for generating PDF documents. no external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
Path Traversal
WeasyPrint is vulnerable to Path Traversal. The vulnerability is due to improper validation mechanisms in the urlfetcher function, which fails to restrict the inclusion of arbitrary local files and URLs in the generated PDF documents. This flaw allowing an attacker to include or traverse to files...
Design/Logic Flaw
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if urlfetcher is configured to prevent access to files and URLs. This vulnerability has been patched in...
UBUNTU-CVE-2024-28184
WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if urlfetcher is configured to prevent access to files and URLs. This vulnerability has been patched in...
[SECURITY] Fedora 40 Update: pdftk-java-3.3.3-6.fc40
If PDF is electronic paper, then pdftk-java is an electronic staple-remover, hole-punch, binder, secret-decoder-ring, and X-Ray-glasses. PDFtk is a simple tool for doing everyday things with PDF documents: Merge PDF documents, split PDF pages into a new document, decrypt input as necessary passwo...
CVE-2020-36773
Artifex Ghostscript before 9.53.0 has an out-of-bounds write and use-after-free in devices/vector/gdevtxtw.c for txtwrite because a single character code in a PDF document can map to more than one Unicode code point e.g., for a ligature...
CVE-2023-47251
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers with access to a VNC session to automatically transfer malicious PDF documents by moving them into the .spool directory, and then...
CVE-2023-47251
In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers with access to a VNC session to automatically transfer malicious PDF documents by moving them into the .spool directory, and then...
CVE-2023-47251
CVE-2023-47251 affects mprivacy-tools before 2.0.406g (TightGate-Pro Server). A Directory Traversal in the VNC print function allows authenticated users with a VNC session to place malicious PDFs into the .spool directory and trigger the VNC service to transfer them to the connected VNC client’s ...
Important: Red Hat Security Advisory: ghostscript security update
An update for ghostscript is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability fr...
Important: Red Hat Security Advisory: python-reportlab security update
An update for python-reportlab is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerabili...
Important: Red Hat Security Advisory: python-reportlab security update
An update for python-reportlab is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a...
Important: Red Hat Security Advisory: python-reportlab security update
An update for python-reportlab is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity ratin...
ALSA-2023:5790 Important: python-reportlab security update
Python-reportlab is a library used for generation of PDF documents. Security Fixes: python-reportlab: code injection in paraparser.py allows code execution CVE-2019-19450 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and other related information...
The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 are related to the issue of operations occurring outside the buffer in memory. This allows attackers to gain unauthorized access to protected information.
The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to the issue of operations going beyond the buffer in memory when processing embedded fonts. Exploiting thi...