489 matches found
OESA-2021-1160 pdfbox security update
Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...
YIKES! Hackers flood the web with 100,000 pages offering malicious PDFs
Cybercriminals are resorting to search engine poisoning techniques to lure business professionals into visiting seemingly legitimate Google sites that install a Remote Access Trojan (RAT) capable of carrying out a wide range of attacks. The attack works by leveraging searches for business forms suc...
Adobe Acrobat Reader Security Vulnerability
Adobe Acrobat and Reader are products of the US company Adobe. Adobe Acrobat is a set of PDF file editing and conversion tools. Reader is a set of PDF document reading software. A number of Adobe products have security vulnerabilities. Unauthenticated attackers can take advanta...
PT-2021-17627 · Apache · Apache Pdfbox
Name of the Vulnerable Software and Affected Versions: Apache PDFBox versions 2.0.22 and prior 2.0.x versions. Description: A carefully crafted PDF file can trigger an infinite loop while loading the file. Recommendations: For Apache PDFBox versions 2.0.22 and prior 2.0.x versions, update to a...
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...
CVE-2021-21059
Acrobat Reader DC versions 2020.013.20074 and earlier, 2020.001.30018 and earlier and 2017.011.30188 and earlier are affected by a memory corruption vulnerability when parsing a specially crafted PDF file. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary...
Researchers Disclose Undocumented Chinese Malware Used in Recent Attacks
Cybersecurity researchers have disclosed a series of attacks by a threat actor of Chinese origin that has targeted organizations in Russia and Hong Kong with malware — including a previously undocumented backdoor. Attributing the campaign to Winnti or APT41, Positive Technologies dated the first...
Unspecified Vulnerability in Foxit Reader and PhantomPDF (CNVD-2021-04405)
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in Foxit Reader and PhantomPDF, which can be exploited by attackers to spoof authenticated PDF documents via a malicious annotation attack, as the product does not take in...
Apple macOS libnetworkextension ne_filter_protocol_remove_input_handler Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of networ...
CVE-2020-24411
Adobe Illustrator version 24.2 and earlier is affected by an out-of-bounds write vulnerability when handling crafted PDF files. This could result in a write past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This...
CVE-2020-26536
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...
UBUNTU-CVE-2020-24996
There is an invalid memory access in the function TextString::TextString located in Catalog.cc in Xpdf 4.0.2. It can be triggered by, for example, sending a crafted PDF file to the pdftohtml binary, which allows a remote attacker to cause a Denial of Service (segmentation fault) or possibly have...
UBUNTU-CVE-2020-16297
A buffer overflow vulnerability in FloydSteinbergDitheringC in contrib/gdevbjca.c of Artifex Software GhostScript v9.18 to v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51...
PT-2020-20827 · Apple · Itunes +7
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.6; iPadOS versions prior to 13.6; macOS Catalina versions prior to 10.15.6; tvOS versions prior to 13.4.8; watchOS versions prior to 6.2.8; iTunes versions prior to 12.10.8 for Windows; iCloud for Windows versions prior to...
OPENSUSE-SU-2020:0670-1 Security update for nextcloud
This update for nextcloud to 18.0.4 fixes the following issues: Security issues fixed: - CVE-2020-8154: Fixed an XSS vulnerability when opening malicious PDFs (NC-SA-2020-018, boo1171579). - CVE-2020-8155: Fixed a direct object reference vulnerability that allowed attackers to remotely wipe devices ...
CVE-2020-10895
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PhantomPDF 9.7.1.29511. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
chromium-browser: Uninitialized use in PDFium
Use of uninitialized data in PDFium in Google Chrome prior to 80.0.3987.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
Foxit Reader Memory Misreference Vulnerability (CNVD-2020-04108)
Foxit Reader (formerly Foxit PDF Reader) is software for reading PDF files, developed by Fujian Foxit Software. Foxit Reader is free to use and runs mainly on Microsoft Windows, and as long as there is a Win32 implementation of the...
DTEN D5 and DTEN D7 Information Disclosure Vulnerabilities
The DTEN D5 and DTEN D7 are both stylus pens from DTEN. A security vulnerability exists in DTEN D5 and D7 versions prior to version 1.3.2, which originates from a lack of authentication of the web server on TCP port 8080. The vulnerability can be exploited by an attacker to read stored whiteboard...
CVE-2019-8772
An issue existed in the handling of links in encrypted PDFs. This issue was addressed by adding a confirmation prompt. This issue is fixed in macOS Catalina 10.15. An attacker may be able to exfiltrate the contents of an encrypted PDF...