MiracleLinux 3 : tetex-3.0-33.15.1.0.1.AXS3 (AXSA:2012-906:01)

The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-906:01 advisory. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a...

Exploit for Improper Restriction of XML External Entity Reference in Apache Tika

Apache Tika XXE Vulnerability Tester CVE-2025-54988 A compr...

Apache Tika has XXE vulnerability

Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...

EUVD-2025-34838

In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...

EUVD-2010-3687

Malware in sbrugna...

EUVD-2018-1798

Malware in sbrugna...

EUVD-2020-27228

Malware in sbrugna...

EUVD-2018-1797

Malware in sbrugna...

EUVD-2018-1800

Malware in sbrugna...

EUVD-2010-3685

Malware in sbrugna...

EUVD-2021-0175

Malware in sbrugna...

EUVD-2018-1801

Malware in sbrugna...

EUVD-2011-3860

Malware in sbrugna...

XML External Entity Injection (XXE)

org.apache.tika, tika-parser-pdf-module is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of crafted XFA files inside PDFs, which allows an attacker to read sensitive data or trigger malicious requests to internal or third-party servers...

Linux Distros Unpatched Vulnerability : CVE-2015-8981

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors...

Linux Distros Unpatched Vulnerability : CVE-2017-8378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service...

ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +306 more potentially affected by CVE-2025-54988 via org.apache.tika:tika-parser-pdf-module (>=2.0.0-ALPHA <=3.2.1)

org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0-ALPHA, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988 Source advisory: OSV:GHSA-P72G-PV48-7W9X...

CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA

Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...

CVE-2025-54869 FPDI is Vulnerable to Memory Exhaustion (OOM) through its PDF Parser

FPDI is a collection of PHP classes that facilitate reading pages from existing PDF documents and using them as templates in FPDF. In versions 2.6.2 and below, any application that uses FPDI to process user-supplied PDF files is at risk, causing a Denial of Service DoS vulnerability. An attacker...

CVE-2025-54869

CVE-2025-54869 affects FPDI (PHP) up to version 2.6.2. The vulnerability arises when processing user-supplied PDFs, causing server-side memory exhaustion and DoS; service availability can be degraded under repeated attacks. Remediation: upgrade to FPDI 2.6.3 or later. This summary reflects detail...