1058 matches found

Snyk
added 2026/05/07 12:59 a.m. | 4 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 3
Snyk
added 2026/05/07 12:59 a.m. | 3 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 3
Github Security Blog
added 2026/05/07 12:59 a.m. | 5 views

Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Summary: Six conversion routes (pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown) accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...

CVSS 5.3 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 3 | Affected Software: 1
Snyk
added 2026/05/07 12:59 a.m. | 4 views

External Control of File Name or Path

Overview: Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

CVSS 6.9 | AI score 5.9 | EPSS 0.00076
Exploits: 1 | References: 3
Positive Technologies
added 2026/05/07 12:00 a.m. | 13 views

PT-2026-38382

Name of the Vulnerable Software and Affected Versions: Gotenberg versions 8.31.0 and earlier. Description: A Server-Side Request Forgery (SSRF) issue exists in the LibreOffice conversion endpoint "/forms/libreoffice/convert". While some SSRF hardening is present in the Go code, the application passes...

CVSS 8.2 | AI score 5.8 | EPSS 0.00039
Exploits: 1 | References: 5
Snyk
added 2026/05/04 4:29 p.m. | 7 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read through the FBXConverter::ConvertMeshMultiMaterial process. An attacker can cause the application to crash or become unresponsive by submitting specially crafted input files. Remediation: There is no fixed version for...

CVSS 8.8 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2
Snyk
added 2026/05/04 3:29 p.m. | 3 views

Out-of-bounds Read

Overview: Affected versions of this package are vulnerable to Out-of-bounds Read in the ConvertMeshMultiMaterial process in FBXConverter.cpp. An attacker can trigger application termination or resource exhaustion by submitting specially crafted input files. Remediation: There is no fixed version fo...

CVSS 8.8 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 2
OSV
added 2026/05/04 2:16 p.m. | 2 views

DEBIAN-CVE-2025-70069

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial method...

CVSS 7.5 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 1
Debian CVE
added 2026/05/04 12:00 a.m. | 2 views

CVE-2025-70069

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial method...

CVSS 7.5 | AI score 5.8 | EPSS 0.00154
Exploits: 0
Vulnrichment
added 2026/05/04 12:00 a.m. | 1 views

CVE-2025-70069

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp and ConvertMeshMultiMaterial method...

AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 2
EUVD
added 2026/05/04 12:00 a.m. | 0 views

EUVD-2025-209622

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial components...

CVSS 6.5 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2
CVE
added 2026/05/04 12:00 a.m. | 9 views

CVE-2025-70072

Summary of CVE-2025-70072 (Assimp 6.0.2): A denial-of-service vulnerability arises in the FBXConverter.cpp, specifically in FBXConverter::ConvertMeshMultiMaterial(). The issue is triggered remotely and impacts the application’s ability to process certain mesh materials, as described in the conne...

CVSS 6.5 | AI score 5.8 | EPSS 0.00142
Exploits: 0 | References: 2
CNNVD
added 2026/05/04 12:00 a.m. | 6 views

Assimp Resource Management Error Vulnerability

Assimp is an open-source library developed by Assimp. It is used for importing and exporting various 3D model formats. Version 6.0.2 of Assimp contains a resource management vulnerability. This vulnerability originates from the ConvertMeshMultiMaterial method in FBXConverter.cpp, and it could all...

CVSS 7.5 | AI score 5.8 | EPSS 0.00154
Exploits: 0 | References: 1
CVE
added 2026/04/22 1:53 p.m. | 7 views

CVE-2026-31452

CVE-2026-31452 affects the Linux kernel ext4 filesystem. Connected sources confirm a concrete vulnerability in inline data storage: when truncate() increases a file beyond the inline capacity, ext4 currently risks the inode inline flag and the file size becoming inconsistent. The fix introduces a...

CVSS 7.8 | AI score 5.6 | EPSS 0.00015
Exploits: 0 | References: 8 | Affected Software: 1
ATTACKERKB
added 2026/04/22 1:53 p.m. | 0 views

CVE-2026-31452

In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size. Add a check in ext4_setattr to convert files from inline data storage to extent-based storage when truncate grows the file size beyond the inline capacity. Thi...

AI score 5.5 | EPSS 0.00015
Exploits: 0 | References: 9 | Affected Software: 1
Tenable Nessus
added 2026/04/22 12:00 a.m. | 0 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013626)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013626 advisory. In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context. The following warning was...

AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 4
CNNVD
added 2026/04/22 12:00 a.m. | 5 views

Linux kernel Security Vulnerability

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from ksmbd’s handling of composite requests like QUERYDIRECTORY + QUERYINFOFILEALLINFORMATION. This...

CVSS 8.8 | AI score 7.2 | EPSS 0.00043
Exploits: 0 | References: 1
Positive Technologies
added 2026/04/22 12:00 a.m. | 2 views

PT-2026-34357

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: An issue exists in the ext4 filesystem where the system fails to convert files from inline data storage to extent-based storage when a truncate operation increases the file size beyond t...

CVSS 7.8 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 19
Tenable Nessus
added 2026/04/21 12:00 a.m. | 2 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011119)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011119 advisory. In the Linux kernel, the following vulnerability has been resolved: selinux: enable use of both GFP_KERNEL and GFP_ATOMIC in convert_context. The following warning was...

AI score 5.8 | EPSS 0.00032
Exploits: 0 | References: 4
OSV
added 2026/04/17 3:19 p.m. | 3 views

JLSEC-2026-134

An issue in Academy Software Foundation openexr v.3.2.3 and before allows a local attacker to cause a denial of service (DoS) via the convert function of exrmultipart.cpp...

CVSS 3.3 | AI score 5.8 | EPSS 0.00016
Exploits: 1 | References: 2