336 matches found
UBUNTU-CVE-2025-66019
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...
md-to-pdf vulnerable to arbitrary JavaScript code execution when parsing front matter
Summary A Markdown front-matter block that contains JavaScript delimiter causes the JS engine in gray-matter library to execute arbitrary code in the Markdown to PDF converter process of md-to-pdf library, resulting in remote code execution. Details md-to-pdf uses the gray-matter library to parse...
mpdf-pocs
mPDF 8.2.6 PoCs Referenced by: - https:/...
Astra Linux - уязвимость в pypdf2
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...
GHSA-VR63-X8VC-M265 pypdf possibly loops infinitely when reading DCT inline images without EOF marker
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider...
EUVD-2018-12812
Malware in sbrugna...
EUVD-2018-12811
Malware in sbrugna...
EUVD-2025-19742
Malicious code in bioql PyPI...
ROS-20250910-02
A vulnerability in the Hints::Hints poppler/Hints.cc function of the Poppler PDF display library is related to a resource release error. with resource release errors. Exploitation of the vulnerability allows an attacker acting remotely, to cause a denial of service using a specially crafted PDF...
libQt5Pdf5-5.15.19-1.1 on GA media (moderate)
libQt5Pdf5-5.15.19-1.1 on GA media Announcement ID: openSUSE-SU-2025:15531-1 Rating: moderate Cross-References: CVE-2024-10229 CVE-2024-10827 CVE-2024-11477 CVE-2024-12694 CVE-2024-55549 CVE-2025-0436 CVE-2025-0762 CVE-2025-0996 CVE-2025-0999 CVE-2025-1426 CVE-2025-1919 CVE-2025-2136 CVE-2025-242...
Linux Distros Unpatched Vulnerability : CVE-2018-17057
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. CVE-2018-17057 Note that Nessus...
pypdf 安全漏洞
pypdf is py-pdf open source a free open source pure python PDF library . The ability to split, merge, crop and convert pages of a PDF file. A security vulnerability exists in pypdf versions prior to 6.0.0, which stems from the fact that a malicious PDF could lead to RAM exhaustion, affecting...
DEBIAN-CVE-2025-54869
FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service DoS vulnerability. An attacker...
CVE-2025-52886
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
CVE-2025-52886 Poppler Use After Free Vulnerability
Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomicint for reference counting. Because std::atomicint is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...
CVE-2023-36810
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...
poppler security update
An update is available for poppler. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Poppler is a Portable Document Format PDF rendering library, used by...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...
Regular Expression Denial of Service (ReDoS)
Overview Affected versions of this package are vulnerable to Regular Expression Denial of Service ReDoS in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC js import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...
The vulnerability of the PHP library TCPDF, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.
The vulnerability of the PHP TCPDF library is related to the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...