Lucene search
+L

336 matches found

OSV
OSV
added 2025/11/26 12:15 a.m.4 views

UBUNTU-CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

8.7CVSS6.9AI score0.0032EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2025/11/20 5:48 p.m.17 views

md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter

Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...

10CVSS8.8AI score0.00916EPSS
Exploits0References4Affected Software1
GithubExploit
GithubExploit
added 2025/11/19 6:25 p.m.195 views

mpdf-pocs

mPDF 8.2.6 PoCs Referenced by: - https:/...

7.1AI score
Exploits0
AstraLinux
AstraLinux
added 2025/10/31 4:38 p.m.4 views

Astra Linux - уязвимость в pypdf2

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

6.2CVSS6.8AI score0.00352EPSS
Exploits1References2
OSV
OSV
added 2025/10/22 7:40 p.m.5 views

GHSA-VR63-X8VC-M265 pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider...

8.7CVSS6.8AI score0.00411EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.8 views

EUVD-2018-12812

Malware in sbrugna...

8.8CVSS8.8AI score0.01445EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2018-12811

Malware in sbrugna...

9.8CVSS9.5AI score0.01652EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-19742

Malicious code in bioql PyPI...

6.9CVSS8.3AI score0.00371EPSS
Exploits1References5
Redos
Redos
added 2025/09/10 12:0 a.m.5 views

ROS-20250910-02

A vulnerability in the Hints::Hints poppler/Hints.cc function of the Poppler PDF display library is related to a resource release error. with resource release errors. Exploitation of the vulnerability allows an attacker acting remotely, to cause a denial of service using a specially crafted PDF...

6.9CVSS6.8AI score0.01547EPSS
Exploits3
OPENSUSE Linux
OPENSUSE Linux
added 2025/09/07 12:0 a.m.11 views

libQt5Pdf5-5.15.19-1.1 on GA media (moderate)

libQt5Pdf5-5.15.19-1.1 on GA media Announcement ID: openSUSE-SU-2025:15531-1 Rating: moderate Cross-References: CVE-2024-10229 CVE-2024-10827 CVE-2024-11477 CVE-2024-12694 CVE-2024-55549 CVE-2025-0436 CVE-2025-0762 CVE-2025-0996 CVE-2025-0999 CVE-2025-1426 CVE-2025-1919 CVE-2025-2136 CVE-2025-242...

7.8CVSS8.4AI score0.21985EPSS
Exploits16
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2018-17057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. CVE-2018-17057 Note that Nessus...

9.8CVSS7.4AI score0.26172EPSS
Exploits7References2
CNNVD
CNNVD
added 2025/08/13 12:0 a.m.5 views

pypdf 安全漏洞

pypdf is py-pdf open source a free open source pure python PDF library . The ability to split, merge, crop and convert pages of a PDF file. A security vulnerability exists in pypdf versions prior to 6.0.0, which stems from the fact that a malicious PDF could lead to RAM exhaustion, affecting...

8.7CVSS6.3AI score0.00437EPSS
Exploits0References5
OSV
OSV
added 2025/08/06 12:15 a.m.6 views

DEBIAN-CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service DoS vulnerability. An attacker...

6CVSS5.5AI score0.00299EPSS
Exploits0References1
NVD
NVD
added 2025/07/02 4:15 p.m.11 views

CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

6.9CVSS0.00371EPSS
Exploits1References7
OSV
OSV
added 2025/07/02 3:46 p.m.4 views

CVE-2025-52886 Poppler Use After Free Vulnerability

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

6.9CVSS8.4AI score0.00371EPSS
Exploits1References9
RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.5 views

CVE-2023-36810

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...

6.5CVSS6.6AI score0.00625EPSS
Exploits1
Rockylinux
Rockylinux
added 2025/05/07 7:11 p.m.9 views

poppler security update

An update is available for poppler. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Poppler is a Portable Document Format PDF rendering library, used by...

5.5CVSS7.4AI score0.00517EPSS
Exploits1
Snyk
Snyk
added 2025/03/18 9:7 p.m.6 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

8.7CVSS6.7AI score0.00646EPSS
Exploits1References2
Snyk
Snyk
added 2025/03/18 9:7 p.m.3 views

Regular Expression Denial of Service (ReDoS)

Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

8.7CVSS6.7AI score0.00646EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2025/02/28 12:0 a.m.6 views

The vulnerability of the PHP library TCPDF, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.

The vulnerability of the PHP TCPDF library is related to the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

6.1CVSS5.9AI score
Exploits0References2Affected Software1
Rows per page
Query Builder