Lucene search
K

2574 matches found

NVD
NVD
added 3 days ago8 views

CVE-2026-57252

When the application opens a PDF file, during the process of JavaScript deleting pages and removing attachment annotations, it will cause the attachment panel to continue accessing invalid pointers, eventually leading to the application crashing...

7.8CVSS0.00116EPSS
Exploits0References1
NVD
NVD
added 3 days ago10 views

CVE-2026-57249

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS0.00116EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-13129

When the application opens a PDF file, JavaScript uses the damaged field tree to trigger field traversal, resulting in the program holding an invalid form object when accessing the field property path. Eventually, the application crashes due to reading an invalid pointer...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 3 days ago6 views

CVE-2026-57249

After the application opened the PDF file, the script first reset the annotation status, then triggered the reset form event by additional action. During the re-entry process, the application access invalid objects and crashed...

7.8CVSS5.9AI score0.00116EPSS
Exploits0References2Affected Software2
ATTACKERKB
ATTACKERKB
added 3 days ago7 views

CVE-2026-57260

The application opened a PDF file containing an abnormal Unity 3D object. During parsing, the application incorrectly resolved a portion of the abnormal object as a pointer and used it as a valid address, ultimately causing the application to crash...

7.8CVSS6AI score0.00116EPSS
Exploits0References2Affected Software2
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/29 1:15 a.m.32 views

CVE-2026-13522 Investintech SlimPDFReader PDF File SlimPDFReader.exe TeighaDo+0x25cde0 out-of-bounds

A security flaw has been discovered in Investintech SlimPDFReader up to 2.0.14. Affected by this issue is the function SlimPDFReader!Investintech::PCV::TeighaDo+0x25cde0 of the file SlimPDFReader.exe of the component PDF File Handler. Performing a manipulation results in out-of-bounds read. It is...

5.3CVSS0.00293EPSS
Exploits0References4
CVE
CVE
added 2026/06/12 9:59 p.m.22 views

CVE-2025-7002

CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...

7.8CVSS5.7AI score0.00131EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/06/12 2:32 a.m.14 views

SUSE CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS5.7AI score0.00252EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2026/06/07 4:38 a.m.14 views

SUSE CVE-2026-11307

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6AI score0.00228EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.9 views

CVE-2026-7315

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

7.5CVSS6.8AI score0.0041EPSS
Exploits0References1
OSV
OSV
added 2026/06/05 12:17 a.m.5 views

DEBIAN-CVE-2026-11306

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6AI score0.00224EPSS
Exploits0References1
OSV
OSV
added 2026/06/04 11:16 p.m.8 views

DEBIAN-CVE-2026-10945

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

8.8CVSS6AI score0.0036EPSS
Exploits0References1
CVE
CVE
added 2026/06/04 11:6 p.m.51 views

CVE-2026-11306

CVE-2026-11306 (Google Chrome) is a use-after-free in PDFium that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted PDF file, affecting Chrome versions prior to 149.0.7827.53. The vulnerability is described across multiple sources as a PDFium issue leading to pot...

8.8CVSS6.2AI score0.00224EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/06/04 11:6 p.m.29 views

CVE-2026-11305

CVE-2026-11305 describes a use-after-free in PDFium used by Google Chrome prior to 149.0.7827.53, allowing remote code execution inside the sandbox via a crafted PDF file. Affected component: PDFium within Chrome/Chromium; vulnerability type: use-after-free. Impact as documented: high for confide...

8.8CVSS6.2AI score0.00228EPSS
Exploits0References2Affected Software1
EUVD
EUVD
added 2026/05/29 12:38 a.m.12 views

EUVD-2026-33135

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. Chromium security severity: High...

5.8AI score0.00164EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Poppler

A vulnerability was discovered in the freedesktop Poppler version 20.12.1. This vulnerability allows remote attackers to trigger a Denial-of-Service DoS attack through a crafted .pdf file, targeting the FoFiType1C::cvtGlyph function...

6.5CVSS7.2AI score0.00927EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Chromium

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...

5.5CVSS6.6AI score0.01336EPSS
Exploits0References1
Redos
Redos
added 2026/05/15 12:0 a.m.11 views

ROS-20260515-73-0015

A vulnerability in the Google Chrome web browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...

8.8CVSS7.7AI score0.00481EPSS
Exploits0
NVD
NVD
added 2026/04/28 10:16 p.m.6 views

CVE-2026-7315

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

7.5CVSS0.0041EPSS
Exploits0References5
Rows per page
Query Builder