492 matches found
Google Chrome 资源管理错误漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Views component’s ability to re-use resources after release, potentially allowing remote attackers to exploi...
Debian dla-4597 : atril - security update
The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4597 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/...
SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)
The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...
DHTMLX Gantt 路径遍历漏洞
DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML cleaning,...
Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017627)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017627 advisory. In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...
Pillow 安全漏洞
Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 4.2.0 to 12.2.0 contained security vulnerabilities. These vulnerabilities were due to malicious PDFs, which could cause processes to hang indefinitely, consume 100% of the CPU resources, and render the...
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the pdfContext.setOption process. An attacker can access arbitrary files readable by the PHP worker by uploading a crafted PDF invoice template that triggers the embedding of file contents into the generated PDF...
External Control of File Name or Path
Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...
Linux Distros Unpatched Vulnerability : CVE-2018-25306
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge...
CVE-2018-25306
PDFunite 0.41.0 contains a local buffer overflow in processing malformed PDFs during merge, causing a segmentation fault via XRef::getEntry in libpoppler when a crafted PDF is merged. This is a local-impact vulnerability that can crash the pdfunite utility; exploitation details and a validated fi...
CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...
EUVD-2018-21827
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...
CVE-2026-7233
A flaw was found in Artifex MuPDF, specifically within its CFF Index Handler component. A local user could exploit an out-of-bounds read vulnerability in the fzsubsetcffforgids function. This could allow an attacker to read sensitive information from memory, potentially leading to information...
SUSE CVE-2026-41313
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As...
Harvester APT Expands Spying Operations with New GoGra Linux Malware
New GoGra Linux malware linked to Harvester APT targets systems in South Asia, using fake PDFs and Microsoft APIs for covert command and control...
Linux Distros Unpatched Vulnerability : CVE-2026-41312
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to...
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes fro...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google with a built-in PDFium component for rendering PDF documents. Google Chrome's PDFium suffers from a heap buffer overflow vulnerability that stems from a failure to properly handle certain data in a specially crafted PDF file, which can be exploit...
Google Chrome PDF Component Memory Misreference Vulnerability
Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 146.0.7680.178. The vulnerability stems from a confusion in the instructions of the PDF component responsible for freeing memory. An attacker could...
CVE-2026-5889
Cryptographic Flaw in PDFium in Google Chrome prior to 147.0.7727.55 allowed an attacker to read potentially sensitive information from encrypted PDFs via a brute-force attack. Chromium security severity: Medium...