
332 matches found

OSV
added 2025/10/22 7:40 p.m. | 3 views

GHSA-VR63-X8VC-M265 pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider...

CVSS 8.7 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 6
EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-12812

Malware in sbrugna...

CVSS 8.8 | AI score 8.8 | EPSS 0.01445
Exploits: 0 | References: 3
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2018-12811

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.01652
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2025-19742

Malicious code in bioql PyPI...

CVSS 6.9 | AI score 8.3 | EPSS 0.00371
Exploits: 1 | References: 5
Redos
added 2025/09/10 12:0 a.m. | 4 views

ROS-20250910-02

A vulnerability in the Hints::Hints function (poppler/Hints.cc) of the Poppler PDF display library is related to a resource release error. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted PDF...

CVSS 6.9 | AI score 6.8 | EPSS 0.01547
Exploits: 3
OPENSUSE Linux
added 2025/09/07 12:0 a.m. | 10 views

libQt5Pdf5-5.15.19-1.1 on GA media (moderate)

libQt5Pdf5-5.15.19-1.1 on GA media Announcement ID: openSUSE-SU-2025:15531-1 Rating: moderate Cross-References: CVE-2024-10229 CVE-2024-10827 CVE-2024-11477 CVE-2024-12694 CVE-2024-55549 CVE-2025-0436 CVE-2025-0762 CVE-2025-0996 CVE-2025-0999 CVE-2025-1426 CVE-2025-1919 CVE-2025-2136 CVE-2025-242...

CVSS 7.8 | AI score 8.4 | EPSS 0.21985
Exploits: 16
Tenable Nessus
added 2025/08/27 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-17057

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in TCPDF before 6.2.22. Attackers can trigger deserialization of arbitrary data via the phar:// wrapper. CVE-2018-17057 Note that Nessus...

CVSS 9.8 | AI score 7.4 | EPSS 0.26172
Exploits: 7 | References: 2
CNNVD
added 2025/08/13 12:0 a.m. | 4 views

pypdf security vulnerability

pypdf is a free, open source, pure-Python PDF library from py-pdf, able to split, merge, crop and convert pages of a PDF file. A security vulnerability exists in pypdf versions prior to 6.0.0, which stems from the fact that a malicious PDF could lead to RAM exhaustion, affecting...

CVSS 8.7 | AI score 6.3 | EPSS 0.00408
Exploits: 0 | References: 5
OSV
added 2025/08/06 12:15 a.m. | 3 views

DEBIAN-CVE-2025-54869

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk of a Denial of Service (DoS) vulnerability. An attacker...

CVSS 6 | AI score 5.5 | EPSS 0.00279
Exploits: 0 | References: 1
NVD
added 2025/07/02 4:15 p.m. | 8 views

CVE-2025-52886

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomic_int for reference counting. Because std::atomic_int is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

CVSS 6.9 | EPSS 0.00371
Exploits: 1 | References: 7
OSV
added 2025/07/02 3:46 p.m. | 4 views

CVE-2025-52886 Poppler Use After Free Vulnerability

Poppler is a PDF rendering library. Versions prior to 25.06.0 use std::atomic_int for reference counting. Because std::atomic_int is only 32 bits, it is possible to overflow the reference count and trigger a use-after-free. Version 25.06.0 patches the issue...

CVSS 6.9 | AI score 8.4 | EPSS 0.00371
Exploits: 1 | References: 9
RedhatCVE
added 2025/05/23 4:2 a.m. | 3 views

CVE-2023-36810

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...

CVSS 6.5 | AI score 6.6 | EPSS 0.00625
Exploits: 1
Rockylinux
added 2025/05/07 7:11 p.m. | 8 views

poppler security update

An update is available for poppler. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Poppler is a Portable Document Format (PDF) rendering library, used by...

CVSS 5.5 | AI score 7.4 | EPSS 0.00517
Exploits: 1
Snyk
added 2025/03/18 9:7 p.m. | 2 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC (js): import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

CVSS 8.7 | AI score 6.7 | EPSS 0.00646
Exploits: 1 | References: 2
Snyk
added 2025/03/18 9:7 p.m. | 6 views

Regular Expression Denial of Service (ReDoS)

Overview: Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the addImage, html, and addSvgAsImage methods. An attacker can occupy excessive CPU by supplying a malicious data-url. PoC (js): import jsPDF from "jpsdf" const doc = new jsPDF; const payload =...

CVSS 8.7 | AI score 6.7 | EPSS 0.00646
Exploits: 1 | References: 2
BDU FSTEC
added 2025/02/28 12:0 a.m. | 6 views

The vulnerability of the PHP library TCPDF, related to the use of files and directories accessible from external parties, allows a hacker to execute arbitrary code.

The vulnerability of the PHP TCPDF library is related to the use of files and directories accessible from external parties. Exploiting this vulnerability allows a malicious actor to execute arbitrary code...

CVSS 6.1 | AI score 5.9
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/12/27 5:15 a.m. | 3 views

UBUNTU-CVE-2024-56519

An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute...

CVSS 7.5 | AI score 5.8 | EPSS 0.00603
Exploits: 0 | References: 5
OSV
added 2024/12/27 5:15 a.m. | 1 views

UBUNTU-CVE-2024-56521

An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely...

CVSS 9.8 | AI score 5.8 | EPSS 0.00748
Exploits: 0 | References: 5
CNNVD
added 2024/12/27 12:0 a.m. | 4 views

TCPDF security vulnerability

TCPDF is an open source library from Tecnick, used to generate PDF documents and barcodes. TCPDF versions before 6.8.0 have a security vulnerability that stems from the Error function lacking an htmlspecialchars call for error messages...

CVSS 7.5 | AI score 6.5 | EPSS 0.00717
Exploits: 1 | References: 4
CNNVD
added 2024/12/27 12:0 a.m. | 3 views

TCPDF security vulnerability

TCPDF is an open source library from Tecnick, used to generate PDF documents and barcodes. A security vulnerability exists in TCPDF versions prior to 6.8.0, which stems from insecure settings of CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER...

CVSS 9.8 | AI score 6.4 | EPSS 0.00748
Exploits: 0 | References: 3