CVE-2026-3939

Insufficient policy enforcement in PDF in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted PDF file. Chromium security severity: Low...

CVE-2025-65783

CVE-2025-65783: Hubert Hub v2.0 1.27.3 contains an arbitrary file upload flaw in /utils/uploadFile that allows an attacker to execute arbitrary code by uploading a crafted PDF. The description and connected Red Hat/NVD entries confirm the vulnerability type and impact (remote, no authentication, ...

SUSE CVE-2016-8674

The pdftonum function in pdf-object.c in MuPDF before 1.10 allows remote attackers to cause a denial of service use-after-free and application crash via a crafted file...

SUSE CVE-2017-8053

PoDoFo 0.9.5 allows denial of service infinite recursion and stack consumption via a crafted PDF file in PoDoFo::PdfParser::ReadDocumentStructure PdfParser.cpp...

Google Chrome integer overflow vulnerability (CNVD-2019-23135)

Chrome is a web browsing tool developed by Google. An integer overflow vulnerability exists in PDFium in versions prior to Google Chrome 73.0.3683.75. An attacker can exploit this vulnerability to potentially perform out-of-bounds memory access via a crafted PDF file...

UBUNTU-CVE-2018-17461

An out of bounds read in PDFium in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file...

UBUNTU-CVE-2018-18336

Incorrect object lifecycle in PDFium in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file...

CVE-2018-6088

An iterator-invalidation bug in PDFium in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file...

Denial of Service Vulnerability in Kingsoft PDF Reader (CNVD-2018-26092)

Kingsoft PDF Reader is a compact and stable PDF reading tool. Kingsoft PDF Reader has a denial of service vulnerability that can be exploited by attackers to cause a denial of service by constructing a specific pdf file...

CVE-2018-8430

A remote code execution vulnerability exists in Microsoft Word if a user opens a specially crafted PDF file, aka "Word PDF Remote Code Execution Vulnerability." This affects Microsoft Word, Microsoft Office...

DEBIAN-CVE-2018-8001

In PoDoFo 0.9.5, there exists a heap-based buffer over-read vulnerability in UnescapeName in PdfName.cpp. Remote attackers could leverage this vulnerability to cause a denial-of-service or possibly unspecified other impact via a crafted pdf file...

DEBIAN-CVE-2018-6192

In Artifex MuPDF 1.12.0, the pdfreadnewxref function in pdf/pdf-xref.c allows remote attackers to cause a denial of service segmentation violation and application crash via a crafted pdf file...

CVE-2017-13056

The launchURL function in PDF-XChange Viewer 2.5 Build 314.0 might allow remote attackers to execute arbitrary code via a crafted PDF file...

UBUNTU-CVE-2017-6845

The PoDoFo::PdfColor::operator function in PdfColor.cpp in PoDoFo 0.9.4 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted file...

xpdf: Multiple integer overflows in JBIG2 decoder

Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service crash via a crafted PDF file, related to 1 JBIG2Stream::readSymbolDictSeg, 2 JBIG2Stream::readSymbolDictSeg, and 3...