235 matches found
CVE-2026-3939
CVE-2026-3939 affects Google Chrome versions prior to 146.0.7680.71, where insufficient policy enforcement in PDF handling allows a remote attacker to bypass navigation restrictions via a crafted PDF file. The vulnerability is categorized with Chromium’s security severity as Low. No exploits or e...
OPENSUSE-SU-2026:20348-1 Security update for python-PyPDF2
This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter bsc1259404 - Update sources with osc run downloadfiles...
Linux Distros Unpatched Vulnerability : CVE-2026-27888
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being...
GHSA-F2V5-7JQ9-H8CG pypdf: Manipulated RunLengthDecode streams can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...
DEBIAN-CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...
SUSE CVE-2026-2648
Heap buffer overflow in PDFium in Google Chrome prior to 145.0.7632.109 allowed a remote attacker to perform an out of bounds memory write via a crafted PDF file. Chromium security severity: High...
Improper Encoding or Escaping of Output
Overview Affected versions of this package are vulnerable to Improper Encoding or Escaping of Output via the appearanceState property of the AcroForm module. An attacker can execute arbitrary JavaScript code in the context of the PDF viewer by injecting malicious input into this property, which i...
PT-2026-20909
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...
pypdf security vulnerability
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.6.2, pypdf had a security vulnerability due to an infinite loop, which could lead to resource consumption when processing special...
GHSA-2Q4J-M29V-HQ73 pypdf has possible Infinite Loop when processing outlines/bookmarks
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. Patches This has been fixed in pypdf 6.6.2. Workarounds If projects cannot upgrade yet, consider applying the changes from PR 3610...
MiracleLinux 7 : okular-4.10.5-9.el7 (AXSA:2020-696:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2020-696:02 advisory. okular: local binary execution via specially crafted PDF files CVE-2020-9359 Tenable has extracted the preceding description block directly from the...
MiracleLinux 7 : poppler-0.26.5-17.el7 (AXSA:2017-2054:01)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2017-2054:01 advisory. A stack-based buffer overflow was found in the poppler library. An attacker could create a malicious PDF file that would cause applications that use...
CVE-2025-67079
File upload vulnerability in Omnispace Agora Project before 25.10 allowing attackers to execute code through the MSL engine of the Imagick library via crafted PDF file to the file upload and thumbnail functions...
EUVD-2025-202707
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55313
Summary: CVE-2025-55313 affects Foxit PDF Editor/Reader for Windows and macOS prior to 13.2 and prior to 2025.2. The issue stems from how memory allocation failures are handled after JavaScript assigns an extremely large value to a form field’s charLimit, leading to memory corruption and potentia...
CVE-2025-55309
Summary: CVE-2025-55309 affects Foxit PDF Editor/Reader on Windows and macOS prior to specific updated versions. A crafted PDF can include JavaScript that attaches an OnBlur action to a form field that destroys an annotation. During a user’s right‑click interaction, the application’s focus handli...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
CVE-2025-55313
An issue was discovered in Foxit PDF and Editor for Windows and macOS before 13.2 and 2025 before 2025.2. They allow potential arbitrary code execution when processing crafted PDF files. The vulnerability stems from insufficient handling of memory allocation failures after assigning an extremely...
Linux Distros Unpatched Vulnerability : CVE-2025-66019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory...