EUVD-2024-52658
Malicious code in bioql PyPI...
CVE-2024-54731
cpdf through 2.8 allows stack consumption via a crafted PDF document...
CVE-2024-54731
CVE-2024-54731 affects cpdf (CPDF) version 2.8 and earlier, where a crafted PDF document can trigger a stack consumption condition. The root cause is a vulnerability in how CPDF processes PDFs, with impact stated as availability loss (LOW). Exploitation details are not provided in the conne...
PT-2025-3066 · Cpdf · Cpdf
Name of the Vulnerable Software and Affected Versions: cpdf versions 2.8 and earlier
Description: The issue allows stack consumption via a crafted PDF document. This can be achieved through a manipulated PDF document.
Recommendations: For versions 2.8 and earlier, consider updating to a version...
Dompdf's usage of vulnerable version of phenx/php-svg-lib leads to restriction bypass and potential RCE
Summary: The font path returned by php-svg-lib is not sanitized or checked. When an inline CSS font is defined, the path that Cpdf will use to open the font is passed to a file_exists call, which is sufficient to trigger metadata unserializing on a PHAR file, through the phar:// URL...
SUSE CVE-2014-7900
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document...
CVE-2020-0493
In CPDF_SampledFunc::v_Call of cpdf_sampledfunc.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2020-0496
In CPDF_RenderStatus::LoadSMask of cpdf_renderstatus.cpp, there is a possible memory corruption due to a use-after-free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:...
CVE-2018-9951
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Reader CPDF_Object Remote Code Execution Vulnerability
Foxit Reader is a small PDF document viewer and printing program. Foxit Reader has a security vulnerability in CPDF_Object object handling, which can be exploited by an attacker to execute arbitrary code in the current process context due to a lack of authentication before performing operations on...
Google Chrome PDFium 'CPDF_Document::GetPage' function code injection vulnerability
Google Chrome is an open source web browser. PDFium, as used in Google Chrome, has a security vulnerability in the 'CPDF_Document::GetPage' function in the fpdfapi/fpdf_parser/fpdf_parser_document.cpp file that allows an attacker to construct a malicious PDF document and induce users to parse it, which...
CVE-2007-1412
The cpdf_open function in the ClibPDF cpdf extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument...