387 matches found
GLSA-202401-20 : QPDF: Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-202401-20 QPDF: Buffer Overflow - QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...
Amazon Linux 2 : qpdf (ALAS-2024-2409)
The version of qpdf installed on the remote host is prior to 5.0.1-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2409 advisory. 2024-01-17: CVE-2021-36978 was added to this advisory. An issue was discovered in QPDF version 10.0.4, allows remote attacker...
Important: qpdf
Issue Overview: An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf. CVE-2021-25786 QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in...
fileopsx (>=1.0.1 <=1.0.2), xml2pdf (>=1.0.0 <=1.1.0) potentially affected by CVE-2023-26155 via node-qpdf (=1.0.3)
node-qpdf NPM version =1.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on node-qpdf and may be impacted: - fileopsx =1.0.1, =1.0.0, =1.1.0 Source cves: CVE-2023-26155 Source advisory: OSV:GHSA-FPR8-4WVX-J9Q3...
node-qpdf vulnerable to command injection
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
GHSA-FPR8-4WVX-J9Q3 node-qpdf vulnerable to command injection
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
Command injection
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
CVE-2023-26155
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
CVE-2023-26155
node-qpdf is vulnerable to Command Injection due to encrypt() not sanitizing input before passing it to a sensitive command execution API. Affected: all versions. Root cause: unsanitized parameter input in encrypt() leads to command execution when a PDF file path is provided. Impact: potential ar...
CVE-2023-26155
All versions of the package node-qpdf are vulnerable to Command Injection such that the package-exported method encrypt fails to sanitize its parameter input, which later flows into a sensitive command execution API. As a result, attackers may inject malicious commands once they can specify the...
PT-2023-20534 · Node-Qpdf · Node-Qpdf
Name of the Vulnerable Software and Affected Versions: node-qpdf (all versions). Description: The issue arises from the encrypt method failing to sanitize its parameter input, which later flows into a sensitive command execution API. This allows attackers to inject malicious commands once they can...
Debian: Security Advisory (DLA-3548-1)
The remote host is missing an update for the Debian...
Debian dla-3548 : libqpdf-dev - security update
The remote Debian 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-3548 advisory. Debian LTS Advisory DLA-3548-1...
[SECURITY] [DLA 3548-1] qpdf security update
Debian LTS Advisory DLA-3548-1, https://www.debian.org/lts/security/, Thorsten Alteholz, August 29, 2023, https://wiki.debian.org/LTS...
DLA-3548-1 qpdf - security update
Bulletin has no description...
OESA-2023-1542 qpdf security update
QPDF is a command-line program that does structural, content-preserving transformations on PDF files. It could have been called something like pdf-to-pdf. It also provides many useful capabilities to developers of PDF-producing software or for people who just want to look at the innards of a PDF...
CVE-2021-25786
A flaw was found in the qpdf package. This issue may allow attackers to crash the system or execute arbitrary code via a crafted .pdf file to the PlASCII85Decoder::write parameter in libqpdf...
SUSE CVE-2021-25786
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf...
CVE-2021-25786
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf...
DEBIAN-CVE-2021-25786
An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to PlASCII85Decoder::write parameter in libqpdf...