Lucene search
K

777 matches found

Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-57254 Foxit PDF Editor/Reader Annotation Type Confusion Vulnerability

There is an abnormal annotation within the PDF that is referenced by other objects. When the application parses the PDF, it fails to perform proper type checking, ultimately causing the application to crash...

7.8CVSS0.00116EPSS
Exploits0References1
OSV
OSV
added 2026/07/07 11:45 a.m.5 views

PYSEC-2026-1835 pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...

6.2CVSS6.2AI score0.00352EPSS
Exploits1References9
OSV
OSV
added 2026/06/18 7:22 a.m.5 views

MGASA-2026-0219 Updated python-pillow packages fix security vulnerabilities

Integer overflow when processing fonts. CVE-2026-42308 PDF Parsing Trailer Infinite Loop DoS. CVE-2026-42310...

5.5CVSS5.3AI score0.00126EPSS
Exploits0References5
OSV
OSV
added 2026/06/16 1:45 p.m.6 views

GHSA-WJQC-6W8F-H24C pypdf: Manipulated XMP metadata streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. Patches This has been fixed in pypdf==6.12.1. Workarounds If you cannot upgrade yet, consider applying the change...

6.9CVSS5.3AI score0.0013EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/16 1:45 p.m.14 views

EUVD-2026-32912

pypdf: Manipulated XMP metadata streams can exhaust RAM...

6.9CVSS5.1AI score0.0013EPSS
Exploits0References4
OSV
OSV
added 2026/05/12 8:54 a.m.5 views

BIT-PILLOW-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

5.5CVSS5.7AI score0.00126EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/05/11 12:0 a.m.5 views

Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017627 advisory. In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

5.5CVSS5.8AI score0.04024EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2026/05/04 8:19 p.m.8 views

Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2026/05/04 8:19 p.m.8 views

GHSA-R73J-PQJ5-W3X7 Pillow has a PDF Parsing Trailer Infinite Loop (DoS)

Impact An attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. Patches Patched version: 12.2.0. PdfParser introduced in Pillow 4.2.0 follows Prev pointers in PDF trailers to read cross-reference sections. If ...

5.5CVSS5.8AI score0.00126EPSS
Exploits0References6
CVE
CVE
added 2026/04/16 11:18 p.m.22 views

CVE-2026-40260

CVE-2026-40260 affects the Python library pypdf (formerly PyPDF2). The issue arises when parsing manipulated XMP metadata declarations within a PDF, causing excessive memory (RAM) usage for memory-constrained parsing workloads. Impact is described as potential large memory consumption during XMP ...

6.9CVSS5.7AI score0.00423EPSS
Exploits0References4Affected Software1
Tenable Nessus
Tenable Nessus
added 2026/02/21 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27025

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes an...

6.9CVSS5.8AI score0.00168EPSS
Exploits0References3
NCSC
NCSC
added 2026/01/21 9:18 a.m.14 views

Vulnerabilities fixed in Oracle Commerce

Oracle has fixed vulnerabilities in several products, including Oracle WebLogic Server and Oracle Commerce products The vulnerabilities allow unauthenticated attackers to cause partial denial-of-service over HTTP. This can lead to system downtime and service disruption. In addition, there is a...

10CVSS7.3AI score0.79807EPSS
Exploits6References1
RedhatCVE
RedhatCVE
added 2026/01/09 11:22 a.m.5 views

CVE-2021-31506

This vulnerability allows remote attackers to disclose sensitive information on affected installations of OpenText Brava! Desktop Build 16.6.4.55. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw...

4.3CVSS5.5AI score0.01422EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 8:50 a.m.9 views

CVE-2021-31504

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OpenText Brava! Desktop Build 16.6.3.84 package 16.6.3.134. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The...

7.8CVSS6.8AI score0.01419EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/06 12:0 a.m.6 views

Apache Tika 1.13 < 3.2.2 XXE (CVE-2025-66516)

The version of Apache Tika on the remote host is prior to 3.2.2. It is, therefore, affected by a XXE vulnerability: - Critical XXE in Apache Tika tika-core 1.13-3.2.1 allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same...

9.8CVSS7.8AI score0.79807EPSS
Exploits5References2
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.4 views

CVE-2025-14411

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

3.3CVSS3.2AI score0.00146EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/24 10:29 p.m.4 views

CVE-2025-14407

Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

3.3CVSS3.5AI score0.00147EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/24 12:30 a.m.5 views

EUVD-2025-204991

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8CVSS7AI score0.00154EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 12:30 a.m.6 views

EUVD-2025-204992

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

3.3CVSS4.8AI score0.00139EPSS
Exploits0References2
EUVD
EUVD
added 2025/12/24 12:30 a.m.8 views

EUVD-2025-204997

pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target mu...

7.8CVSS7.2AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder