777 matches found
CVE-2026-57254 Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability
There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...
PYSEC-2026-1835 pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...
MGASA-2026-0219 Updated python-pillow packages fix security vulnerabilities
Integer overflow when processing fonts. CVE-2026-42308 PDF Parsing Trailer Infinite Loop DoS. CVE-2026-42310...
GHSA-WJQC-6W8F-H24C pypdf: Manipulated XMP metadata streams can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. Patches This has been fixed in pypdf==6.12.1. Workarounds If you cannot upgrade yet, consider applying the change...
EUVD-2026-32912
pypdf: Manipulated XMP metadata streams can exhaust RAM...
BIT-PILLOW-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)
Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...
Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017627)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017627 advisory. In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...
GHSA-R73J-PQJ5-W3X7 Pillow has a PDF Parsing Trailer Infinite Loop (DoS)
Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...
CVE-2026-40260
CVE-2026-40260 affects the Python library pypdf (formerly PyPDF2). The issue arises when parsing manipulated XMP metadata declarations within a PDF, causing excessive memory (RAM) usage for memory-constrained parsing workloads. Impact is described as potential large memory consumption during XMP ...
Linux Distros Unpatched Vulnerability : CVE-2026-27025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes an...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several products, including Oracle WebLogic Server and Oracle Commerce products The vulnerabilities allow unauthenticated attackers to cause partial denial-of-service over HTTP. This can lead to system downtime and service disruption. In addition, there is a...
CVE-2021-31506
This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...
CVE-2021-31504
This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 package 16.6.3.134. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...
Apache Tika 1.13 < 3.2.2 XXE (CVE-2025-66516)
The version of Apache Tika on the remote host is prior to 3.2.2. It is, therefore, affected by a XXE vulnerability: - Critical XXE in Apache Tika tika-core 1.13-3.2.1 allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same...
CVE-2025-14411
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...
CVE-2025-14407
Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...
EUVD-2025-204991
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...
EUVD-2025-204992
Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...
EUVD-2025-204997
pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target mu...