492 matches found
Improper Encoding or Escaping of Output
Overview jspdf is a PDF Document creation from JavaScript Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the AcroformChoiceField.addOption, AcroformChoiceField.setOptions, AcroFormCheckBox.appearanceState, or AcroFormRadioButton.appearanceState...
pypdf security vulnerability
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.6.2, pypdf had a security vulnerability due to an infinite loop, which could lead to resource consumption when processing special...
GHSA-2Q4J-M29V-HQ73 pypdf has possible Infinite Loop when processing outlines/bookmarks
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches This has been fixed in pypdf 6.6.2. Workarounds If projects cannot upgrade yet, consider applying the changes from PR 3610...
MiracleLinux 7 : okular-4.10.5-9.el7 (AXSA:2020-696:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-696:02 advisory. okular: local binary execution via specially crafted PDF files CVE-2020-9359 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : poppler-0.26.5-17.el7 (AXSA:2017-2054:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2054:01 advisory. A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use...
CVE-2025-67079
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
Foxit PDF Reader PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PD...
Remote Code Execution (RCE)
pdfminer.six is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe deserialization in the CMapDB.loaddata function, where pickle.loads processes attacker-controlled pickle.gz files referenced by a malicious PDF, allowing arbitrary code execution when the file is...
CVE-2025-67341
jshERP versions 3.5 and earlier are affected by a stored XSS vulnerability. This vulnerability allows attackers to upload PDF files containing XSS payloads. Additionally, these PDF files can be accessed via static URLs, making them accessible to all users...
CVE-2025-67341
CVE-2025-67341 affects jshERP 3.5 and earlier, with a stored XSS in uploaded PDF files that can be accessed via static URLs by any user. The issue’s root cause is a stored XSS vulnerability in PDF upload handling, leading to potential script execution within users’ contexts. Severity is CVSS v3.1...
EUVD-2025-202707
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55309
Summary: CVE-2025-55309 affects Foxit PDF Editor/Reader on Windows and macOS prior to specific updated versions. A crafted PDF can include JavaScript that attaches an OnBlur action to a form field that destroys an annotation. During a user’s right‑click interaction, the application’s focus handli...
CVE-2025-55313
Summary: CVE-2025-55313 affects Foxit PDF Editor/Reader for Windows and macOS prior to 13.2 and prior to 2025.2. The issue stems from how memory allocation failures are handled after JavaScript assigns an extremely large value to a form field’s charLimit, leading to memory corruption and potentia...
XML External Entity (XXE) Injection
Apache Tika is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of XFA content in PDFs within the tika-parser-pdf-module, where crafted XFA files can trigger XXE, allowing attackers to read sensitive files or make malicious internal or external reques...
Linux Distros Unpatched Vulnerability : CVE-2025-66019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory...
Linux Distros Unpatched Vulnerability : CVE-2025-64512
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Pdfminer.six is a community maintained fork of the original PDFMiner, a tool for extracting information from PDF documents. Prior to version 20251107,...
Deserialization of Untrusted Data
Overview pdfminer.six is a PDF parser and analyzer Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CMapDB.loaddata function. An attacker can execute arbitrary code by crafting a malicious PDF that references a specially crafted pickle file, which is...