5 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-61857
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick before 7.1.2-26 contains a heap use-after-free vulnerability caused by missing null check when parsing XMP profiles. Attackers can craft malicious...
XML Entity Expansion
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to XML Entity Expansion when parsing XMP metadata. An attacker can cause excessive memory consumption with excessive DOCTYPE entity...
pdfbox: XML External Entity vulnerability
It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...
CVE-2016-2175
It was found that the parsing of XMP and other XML formats in PDF by Apache PDFBox would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XXE attacks...
CVE-2016-4434
It was found that the parsing of OOXML, XMP in PDF, and some other file formats by Apache Tika would expand entity references. A remote, unauthenticated attacker could use this flaw to read files accessible to the user running the application server, and potentially perform other more advanced XX...