Lucene search
K

73 matches found

Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

EulerOS 2.0 SP10 : ghostscript (EulerOS-SA-2025-2064)

According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF...

4CVSS5.6AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2025/08/04 12:0 a.m.45 views

CVE-2025-50422

CVE-2025-50422 affects Cairo (up to 1.18.4) as used in Poppler (up to 25.08.0). The issue is an assertion failure (unscaled->face == NULL) in _cairo_ft_unscaled_font_fini within cairo-ft-font.c, leading to a crash in affected workflows. Mitigations from connected advisories: update Cairo/Poppl...

2.9CVSS6.3AI score0.00213EPSS
Exploits0References4
CVE
CVE
added 2025/08/04 12:0 a.m.54 views

CVE-2025-50420

The CVE-2025-50420 entry concerns the pdfseparate utility of freedesktop poppler. The connected documents confirm a vulnerability in poppler v25.04.0 where a crafted PDF can cause infinite recursion, leading to Denial of Service (DoS). Several vendor advisories (SUSE SUSE-SU-2025:02791-1, SUSE-SU...

6.5CVSS6.4AI score0.00301EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2025/05/23 4:15 a.m.12 views

CVE-2025-48708

gslibctxstashsanitizedarg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the case. A created PDF document includes its password in cleartext...

3.3CVSS7.3AI score
Exploits0References3
Github Security Blog
Github Security Blog
added 2024/06/05 2:15 p.m.66 views

Arbitrary JavaScript execution due to using outdated libraries

Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. PoC 1. Generate a pdf file with a malicious script in the fontmatrix. This will run alert‘XSS’. poc.pdf 2. Run the app. In this PoC, I've used the demo...

8.8CVSS8.3AI score0.72648EPSS
Exploits15References3Affected Software1
CNNVD
CNNVD
added 2024/05/03 12:0 a.m.5 views

Kofax Power PDF 安全漏洞

Kofax Power PDF is a professional PDF editing and management software from Kofax. A security vulnerability exists in Kofax Power PDF, which stems from a U3D File Parsing out-of-bounds read remote code execution vulnerability...

7.8CVSS8.1AI score0.00525EPSS
Exploits0References2
NVD
NVD
added 2023/05/11 9:15 p.m.11 views

CVE-2023-2662

In Xpdf 4.04 and earlier, a bad color space object in the input PDF file can cause a divide-by-zero...

5.5CVSS4.8AI score0.00279EPSS
Exploits1References1
OSV
OSV
added 2023/05/09 12:0 a.m.28 views

ALSA-2023:2259 Moderate: poppler security and bug fix update

Poppler is a Portable Document Format PDF rendering library, used by applications such as Evince. Security Fixes: poppler: integer overflow in JBIG2 decoder using malformed files CVE-2022-38784 For more details about the security issues, including the impact, a CVSS score, acknowledgments, and...

7.8CVSS7.8AI score0.00574EPSS
Exploits1References4
Microsoft Malware Protection
Microsoft Malware Protection
added 2023/03/07 5:0 p.m.14 views

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent in the past year, and 1 in 40 organizations...

0.2AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2023/03/07 5:0 p.m.22 views

Get integrated Microsoft Purview Information Protection in Adobe Acrobat—now available

This blog post is part of the Microsoft Intelligent Security Association guest blog series. Learn more about MISA. Data security and compliance are a top priority for leaders as cyberattacks are on the rise. In fact, attacks have increased by 32 percent in the past year, and 1 in 40 organizations...

0.2AI score
Exploits0
wpexploit
wpexploit
added 2023/02/02 12:0 a.m.425 views

Embed PDF <= 1.0.6 - Contributor+ Stored XSS via Shortcode

The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks gdoc class='"...

5.4CVSS5.2AI score0.0049EPSS
Exploits2
Vulnrichment
Vulnrichment
added 2023/01/13 12:16 a.m.7 views

CVE-2022-3160

The APDFL.dll contains an out-of-bounds write past the fixed-length heap-based buffer while parsing specially crafted PDF files. This could allow an attacker to execute code in the context of the current process...

7.8CVSS7.8AI score0.00436EPSS
Exploits0References3
OSV
OSV
added 2022/07/31 12:0 a.m.6 views

OSV-2022-655 UNKNOWN WRITE in pdfi_repair_file

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49606 Crash type: UNKNOWN WRITE Crash state: pdfirepairfile pdfireadxrefstreamdict pdfireadxref...

7.2AI score
Exploits0References1
CNVD
CNVD
added 2022/05/26 12:0 a.m.8 views

Google Chrome PDF Security Feature Issue Vulnerability

Google Chrome is a web browser from Google, an American company. A security signature issue vulnerability exists in versions of Google Chrome prior to 102.0.5005.61, which stems from a faulty implementation of PDF. An attacker could exploit the vulnerability to gain access to sensitive informatio...

4.3CVSS6.3AI score0.00668EPSS
Exploits0References1
CVE
CVE
added 2022/05/05 6:36 p.m.192 views

CVE-2022-27337

CVE-2022-27337 describes a logic error in Poppler (v22.03.0) within the Hints::Hints function that can cause a Denial of Service when parsing a crafted PDF. The issue is a vulnerability in the PDF rendering library’s handling, not a user-triggered component, with the DoS impact noted in the publi...

6.5CVSS6AI score0.01547EPSS
Exploits1References5Affected Software1
CVE
CVE
added 2021/08/04 3:16 p.m.75 views

CVE-2021-34847

CVE-2021-34847 affects Foxit PDF Reader (11.0.0.49893). The flaw is in handling Annotation objects: the code fails to validate the existence of an object before operating on it, enabling remote code execution in the current process. Exploitation requires user interaction (visiting a malicious pag...

7.8CVSS8.6AI score0.62843EPSS
Exploits0References2Affected Software2
Malwarebytes
Malwarebytes
added 2021/05/27 4:55 p.m.179 views

Falsifying and weaponizing certified PDFs

The Portable Document Format PDF file type is one of the most common file formats in use today. Its value comes from the fact that PDFs always print the same way, and that PDFs are supposed to be read-only unlike a Word document, say, which is designed to be easy to edit. This immutability can be...

0.6AI score
Exploits0
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.4 views

Foxit Reader 缓冲区错误漏洞

Foxit Reader old name: Foxit PDF Reader is a set of software used to read PDF format files, by Fujian Foxit Software developed by Foxit Reader is a set of free to use the software, the operating system is mainly based on Microsoft Windows, and as long as there is a Win32 implementation of the...

7.8CVSS6.2AI score0.02819EPSS
Exploits0References4
Schneier on Security
Schneier on Security
added 2021/03/08 12:10 p.m.40 views

Hacking Digitally Signed PDF Files

Interesting paper: "Shadow Attacks: Hiding and Replacing Content in Signed PDFs": Abstract: Digitally signed PDFs are used in contracts and invoices to guarantee the authenticity and integrity of their content. A user opening a signed PDF expects to see a warning in case of any modification. In...

3.4AI score
Exploits0
CVE
CVE
added 2020/12/31 8:14 p.m.98 views

CVE-2020-35931

Foxit PDF products are affected by CVE-2020-35931: Foxit Reader before 10.1.1 and PhantomPDF before 9.7.5, and 10.x before 10.1.1 (also macOS 4.1.x) are vulnerable to an Evil Annotation Attack that can spoof certified PDFs by not handling a null Subtype in the Annotation dictionary during increme...

7.8CVSS7.6AI score0.02294EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder