Cross-site Scripting (XSS)
Overview: pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through...
Foxit Reader and PhantomPDF Remote Code Execution Vulnerability (CNVD-2018-11906)
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF is a commercial version. A remote code execution vulnerability exists in the handling of pdf files with u3d images in Foxit Reader versions prior to 9.1 and PhantomPDF versions prior to 9.1. A remote...
CVE-2018-5675
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
CVE-2018-5674
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
CVE-2018-5679
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader before 9.1 and PhantomPDF before 9.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific...
UBUNTU-CVE-2018-11254
An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode function of PdfPagesTree.cpp. Remote attackers could leverage this vulnerability to cause a denial of service through a crafted pdf file, a related issue to CVE-2017-8054...
Mozilla: Same-origin bypass of PDF Viewer to view protected PDF files
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...
chromium-browser: Use after free in PDFium
An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file...
CVE-2018-3843
An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, an...
Memory corruption vulnerability in ApowerPDF's handling of PDF files
ApowerPDF is a PDF editor that can be used to convert, view, create PDF files and provide users with a one-stop PDF solution. A memory corruption vulnerability exists in ApowerPDF when processing PDF files. An attacker can cause the program to crash by constructing a malformed PDF file, which, if...
Foxit Reader and PhantomPDF Heap Buffer Overflow Vulnerability
Foxit Reader is a PDF document reader from China's Foxit Software Corporation. Foxit PhantomPDF is a commercial version. A heap buffer overflow vulnerability exists in Foxit Reader and PhantomPDF versions 7.3.4.311 and earlier. A remote attacker could exploit this vulnerability with Bezier data in...
CVE-2017-17858
Heap-based buffer overflow in the ensure_solid_xref function in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 allows a remote attacker to potentially execute arbitrary code via a crafted PDF file, because xref subsection object numbers are unrestricted...
DEBIAN-CVE-2018-5308
PoDoFo 0.9.5 does not properly validate memcpy arguments in the PdfMemoryOutputStream::Write function (base/PdfOutputStream.cpp). Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...
PT-2018-16885 · Podofo +4
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.5. Description: The issue arises from improper validation of memcpy arguments in the PdfMemoryOutputStream::Write function. This could allow remote attackers to cause a denial-of-service or possibly other unspecified impacts...
CVE-2017-1000424
GitHub Electron version 1.6.4 - 1.6.11 and 1.7.0 - 1.7.5 is vulnerable to a URL Spoofing problem when opening PDFs in PDFium, resulting in the loading of arbitrary PDFs that a hacker can control...
CVE-2017-16368
An issue was discovered in Adobe Acrobat and Reader: 2017.012.20098 and earlier versions, 2017.011.30066 and earlier versions, 2015.006.30355 and earlier versions, and 11.0.22 and earlier versions. This vulnerability leads to a stack-based buffer overflow condition in the internal Unicode string...
chromium-browser: use after free in pdfium
Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...
iText XML External Entity Vulnerability
iText is a software development kit that allows users to integrate PDF functionality into their application, process or product. An XML external entity injection vulnerability exists in iText prior to 5.5.12 and version 7.x prior to 7.0.3. The vulnerability arises because the XML parser in iText...