
768 matches found

CVE
added 2025/12/23 9:22 p.m. | 7 views

CVE-2025-14419

The CVE-2025-14419 issue affects pdfforge PDF Architect and is due to improper validation during PDF file parsing, causing memory corruption and potential remote code execution. Exploitation requires user interaction (visit a malicious page or open a malicious file). The vulnerability is confirme...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00049
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2025/12/19 7:16 a.m. | 2 views

CVE-2025-66494

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code...

CVSS: 7.8 | EPSS: 0.00051
Exploits: 0 | References: 1

Cvelist
added 2025/12/19 7:11 a.m. | 23 views

CVE-2025-66499 Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code...

CVSS: 7.8 | EPSS: 0.00047
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/19 7:11 a.m. | 1 views

CVE-2025-66499 Foxit PDF Reader PDF Parsing Heap-Based Buffer Overflow Remote Code Execution Vulnerability

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code...

CVSS: 7.8 | AI score: 7.6 | EPSS: 0.00047
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/19 7:8 a.m. | 1 views

CVE-2025-66494 Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00051
Exploits: 0 | References: 1

Cvelist
added 2025/12/19 7:8 a.m. | 18 views

CVE-2025-66494 Foxit PDF Reader PDF File Parsing Use-After-Free Remote Code Execution Vulnerability

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code...

CVSS: 7.8 | EPSS: 0.00051
Exploits: 0 | References: 1

Veracode
added 2025/12/13 7:35 a.m. | 3 views

Uncontrolled Memory Allocation

pypdf is vulnerable to uncontrolled memory allocation. The vulnerability is due to improper handling of LZWDecode streams, which allows an attacker to craft a malicious PDF that causes excessive memory consumption up to 1 GB per stream during content parsing...

CVSS: 8.7 | AI score: 5.8 | EPSS: 0.00076
Exploits: 0 | References: 5 | Affected Software: 1

RedHat Linux
added 2025/12/11 8:15 p.m. | 2 views

tika-core: tika-parsers: tika-parser-pdf-module: Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to expand scope of artifacts affected

An XML External Entity (XXE) injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA (XML Forms Architecture) file. This flaw could lead to...

CVSS: 9.8 | AI score: 5.9 | EPSS: 0.01579
Exploits: 6 | References: 6

Zero Day Initiative
added 2025/12/11 12:0 a.m. | 1 views

(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS: 3.3 | AI score: 5.5 | EPSS: 0.00021
Exploits: 0

Zero Day Initiative
added 2025/12/11 12:0 a.m. | 1 views

(0Day) Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS: 3.3 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0

Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50795

Name of the Vulnerable Software and Affected Versions: pdfforge PDF Architect (affected versions not specified). Description: A flaw exists in the parsing of PDF files within pdfforge PDF Architect, stemming from insufficient validation of user-supplied data. This can lead to a memory corruption...

CVSS: 7.8 | AI score: 7.8 | EPSS: 0.00049
Exploits: 0 | References: 4

Zero Day Initiative
added 2025/12/11 12:0 a.m. | 1 views

(0Day) Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsi...

CVSS: 3.3 | AI score: 5.5 | EPSS: 0.00022
Exploits: 0

Zero Day Initiative
added 2025/12/11 12:0 a.m. | 1 views

(0Day) pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing...

CVSS: 7.8 | AI score: 7.3 | EPSS: 0.00049
Exploits: 0

Zero Day Initiative
added 2025/12/11 12:0 a.m. | 1 views

(0Day) pdfforge PDF Architect PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS: 3.3 | AI score: 5.5 | EPSS: 0.00019
Exploits: 0

Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50786

Name of the Vulnerable Software and Affected Versions: Soda PDF Desktop (affected versions not specified). Description: A flaw exists in the parsing of PDF files within Soda PDF Desktop, resulting from insufficient validation of user-supplied data. This can lead to a write past the end of an allocated...

CVSS: 7.8 | AI score: 7.7 | EPSS: 0.00056
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/11 12:0 a.m. | 2 views

PT-2025-50788

Name of the Vulnerable Software and Affected Versions: Soda PDF Desktop (affected versions not specified). Description: A flaw exists in the parsing of PDF files within Soda PDF Desktop. The issue stems from insufficient validation of user-supplied data, potentially leading to a read past the end of a...

CVSS: 5.5 | AI score: 3.8 | EPSS: 0.00021
Exploits: 0 | References: 4

RedhatCVE
added 2025/12/05 11:0 a.m. | 7 views

CVE-2025-66516

An XML External Entity (XXE) injection vulnerability was found in the Apache Tika framework's PDF parsing functionality. It could allow a remote, unauthenticated attacker to exploit the system by providing a specially crafted PDF containing an XFA (XML Forms Architecture) file. This flaw could lead to...

CVSS: 10 | AI score: 8.7 | EPSS: 0.01579
Exploits: 6 | References: 5

Debian CVE
added 2025/11/25 11:38 p.m. | 5 views

CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS: 8.7 | AI score: 5.3 | EPSS: 0.00076
Exploits: 0

Ubuntu
added 2025/11/25 4:59 a.m. | 2 views

USN-7888-1: MuPDF vulnerabilities

It was discovered that MuPDF could be made to divide by zero. An attacker could possibly use this issue to cause a denial of service. (CVE-2023-51103, CVE-2023-51104, CVE-2023-51105, CVE-2023-51106) It was discovered that MuPDF incorrectly handled memory under certain circumstances, which could lea...

CVSS: 7.5 | AI score: 7.2 | EPSS: 0.00719
Exploits: 6

Tenable Nessus
added 2025/11/20 12:0 a.m. | 5 views

TencentOS Server 4: clamav (TSSA-2025:0012)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0012 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

CVSS: 7.5 | AI score: 6.3 | EPSS: 0.0089
Exploits: 0 | References: 3