
152 matches found

Tenable Nessus
added 2025/08/27 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2022-34503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of...

CVSS 6.5 | AI score 5.9 | EPSS 0.00482
Exploits: 1 | References: 2
Snyk
added 2025/08/20 9:30 p.m. | 4 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection. An attacker can access sensitive information or cause the system to make unauthorized requests by submitting a specially crafted XFA file embedded within a PDF. Note: CVE-2025-66516 is a duplicate of...

CVSS 9.8 | AI score 8.2 | EPSS 0.01579
Exploits: 6 | References: 2
NVD
added 2025/08/06 12:15 a.m. | 3 views

CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...

CVSS 6 | EPSS 0.0034
Exploits: 0 | References: 2
OSV
added 2025/08/06 12:15 a.m. | 1 views

UBUNTU-CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...

CVSS 6 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 4
OSV
added 2025/08/05 11:34 p.m. | 5 views

CVE-2025-54869 FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...

CVSS 6 | AI score 6.6 | EPSS 0.0034
Exploits: 0 | References: 4
Debian CVE
added 2025/08/05 11:34 p.m. | 6 views

CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service (DoS) vulnerability. An attacker...

CVSS 6 | AI score 5.5 | EPSS 0.0034
Exploits: 0
Tenable Nessus
added 2025/08/05 12:0 a.m. | 1 views

Linux Distros Unpatched Vulnerability : CVE-2024-23449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An uncaught exception in Elasticsearch = 8.4.0 and = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. Th...

CVSS 5.3 | AI score 5.2 | EPSS 0.00047
Exploits: 0 | References: 2
OSV
added 2025/07/11 12:18 p.m. | 2 views

OESA-2025-1763 clamav security update

Clam AntiVirus is an anti-virus toolkit for UNIX. The main purpose of this software is the integration with mail servers attachment scanning. The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs ar...

CVSS 9.8 | AI score 8.1 | EPSS 0.01231
Exploits: 0 | References: 2
OSV
added 2025/06/18 6:15 p.m. | 0 views

UBUNTU-CVE-2025-20260

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated...

CVSS 9.8 | AI score 6.5 | EPSS 0.01231
Exploits: 0 | References: 5
RedhatCVE
added 2025/05/22 4:56 p.m. | 4 views

CVE-2020-9897

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution...

CVSS 7.8 | AI score 6.8 | EPSS 0.00299
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 6:36 a.m. | 5 views

CVE-2019-6728

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 6.5 | AI score 6 | EPSS 0.00894
Exploits: 0 | References: 1
OSV
added 2025/02/28 12:11 a.m. | 2 views

OSV-2025-173 UNKNOWN READ in chunk_obj_alloc

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=399390078 Crash type: UNKNOWN READ Crash state: chunkobjalloc pdfireadcffdict pdfireadcffdict...

AI score 7.2
Exploits: 0 | References: 1
Tenable Nessus
added 2024/10/21 12:0 a.m. | 12 views

Adobe Digital Editions < 4.5.5 Multiple Vulnerabilities (APSB17-20)

The version of Adobe Digital Editions installed on the remote Windows host is prior to 4.5.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB17-20 advisory. - Adobe Digital Editions versions 4.5.4 and earlier contain an insecure library loading vulnerability. The...

CVSS 10 | AI score 9.3 | EPSS 0.06911
Exploits: 0 | References: 10
OSV
added 2024/03/29 12:15 p.m. | 2 views

CVE-2024-23449

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

CVSS 5.3 | AI score 5
Exploits: 0 | References: 1
Cvelist
added 2024/03/29 11:12 a.m. | 15 views

CVE-2024-23449 Elasticsearch Uncaught Exception

An uncaught exception in Elasticsearch = 8.4.0 and 8.11.1 occurs when an encrypted PDF is passed to an attachment processor through the REST API. The Elasticsearch ingest node that attempts to parse the PDF file will crash. This does not happen with password-protected PDF files or with unencrypte...

CVSS 4.3 | AI score 4.7 | EPSS 0.00047
Exploits: 0 | References: 1
OSV
added 2023/11/24 8:11 a.m. | 9 views

SUSE-SU-2023:4546-1 Security update for poppler

This update for poppler fixes the following issues: - CVE-2019-9545: Fixed a potential crash due to uncontrolled recursion in the JBIG parser bsc1128114. - CVE-2019-9631: Fixed an out of bounds read when converting a PDF to an image bsc1129202. - CVE-2022-37052: Fixed a reachable assertion when...

CVSS 9.8 | AI score 6.7 | EPSS 0.02178
Exploits: 4 | References: 13
CNNVD
added 2023/10/27 12:0 a.m. | 1 views

Microsoft Edge Resource Management Error Vulnerability

Microsoft Edge is a web browser from Microsoft Corporation USA that comes with systems after Windows 10. A resource management error vulnerability exists in Microsoft Edge versions 79.0.309.71 through 118.0.2088.69, which stems from a boundary error when processing PDF files, allowing remote...

CVSS 5.5 | AI score 7.5 | EPSS 0.00247
Exploits: 0 | References: 4
Prion
added 2023/08/22 7:16 p.m. | 27 views

Input validation

Uncontrolled Recursion in pdfinfo, and pdftops in poppler 0.89.0 allows remote attackers to cause a denial of service via crafted input...

CVSS 5 | AI score 7.2 | EPSS 0.00301
Exploits: 1 | References: 2 | Affected Software: 2
OSV
added 2023/07/04 9:23 a.m. | 0 views

USN-6200-1 imagemagick vulnerabilities

It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. CVE-2020-29599 It was...

CVSS 7.8 | AI score 6.9 | EPSS 0.6875
Exploits: 6 | References: 21
OpenVAS
added 2023/03/28 12:0 a.m. | 30 views

SUSE: Security Advisory (SUSE-SU-2023:0677-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 7.8 | AI score 8.4 | EPSS 0.00095
Exploits: 3 | References: 5