PT-2022-37380 · Pypi · D8S-Pdfs +1
Name of the Vulnerable Software and Affected Versions: d8s-pdfs version 0.1.0. Description: The d8s-pdfs package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-networking package. Recommendations: For version 0.1.0...
XPDF Security Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A security vulnerability exists in XPDF v4.0.4: a segmentation violation via component /xpdf/AcroForm.cc:538...
XPDF Input Validation Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. A security vulnerability exists in XPDF versions prior to 4.04, which stems from the JBIG2Stream::readSymbolDictSeg function in the JBIG2Stream.cc compone...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF has a buffer error vulnerability: DCTStream::getChar in /xpdf/Stream.cc contains a heap buffer overflow...
XPDF Security Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF commit id ffaf11c has a security vulnerability: Lexer::getObjObject in /xpdf/Lexer.cc contains a global buffer overflow...
XPDF Buffer Error Vulnerability
XPDF is an open source PDF reader from FOO Labs. The product supports decoding files in LZW compressed format and reading encrypted PDF files. XPDF suffers from a buffer error vulnerability: DCTStream::transformDataUnit in /xpdf/Stream.cc contains a heap buffer overflow...
DEBIAN-CVE-2022-34503
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file...
PT-2022-6625 · Pdf Xchange · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a...
USN-5282-1 pdfresurrect vulnerabilities
It was discovered that PDFResurrect was incorrectly handling corrupted PDF files. An attacker could possibly use this issue to cause a buffer overflow, resulting in a denial of service, or arbitrary code execution. This issue only affected Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. (CVE-2019-14267) It...
Stored Cross-site Scripting in gitea
Stored Cross-site Scripting (XSS) in GitHub repository go-gitea/gitea prior to 1.16.9 via unfiltered PDFs...
GHSA-PH3W-2843-72MX Stored Cross-site Scripting in gitea
Stored Cross-site Scripting (XSS) in GitHub repository go-gitea/gitea prior to 1.16.9 via unfiltered PDFs...
Webkit PDFs for TYPO3 has SQL Injection vulnerability
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors...
GHSA-XQ29-JCJ7-XG86 Webkit PDFs for TYPO3 allows remote attackers to execute arbitrary commands
Unspecified vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary commands via unknown vectors...
GHSA-9568-HCJ9-RF7V Webkit PDFs for TYPO3 has SQL Injection vulnerability
SQL injection vulnerability in the Webkit PDFs (webkitpdf) extension before 1.1.4 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors...
Electron vulnerable to URL spoofing via PDFium
Electron versions 1.7.0 - 1.7.5 are vulnerable to a URL spoofing problem when opening PDFs in PDFium, resulting in the loading of arbitrary PDFs that a hacker can control...
GHSA-6H98-CF9G-VMG2 Electron vulnerable to URL spoofing via PDFium
Electron versions 1.7.0 - 1.7.5 are vulnerable to a URL spoofing problem when opening PDFs in PDFium, resulting in the loading of arbitrary PDFs that a hacker can control...
UBUNTU-CVE-2022-30524
There is an invalid memory access in the TextLine class in TextOutputDev.cc in Xpdf 4.0.4 because the text extractor mishandles characters at large y coordinates. It can be triggered by, for example, sending a crafted PDF file to the pdftotext binary, which allows a remote attacker to cause a Denia...
PT-2022-20158 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.0.4. Description: The issue is caused by an invalid memory access in the TextLine class in TextOutputDev.cc. This occurs because the text extractor mishandles characters at large y coordinates. It can be triggered by sending a...
Malicious-Pdf - Generate A Bunch Of Malicious PDF Files With Phone-Home Functionality
Generate ten different malicious PDF files with phone-home functionality. Can be used with Burp Collaborator or Interact.sh. Used for penetration testing and/or red-teaming etc. I created this tool because I needed a third party tool to generate a bunch of PDF files with various links. Usage pytho...