235 matches found
Deserialization of Untrusted Data
Overview: pdfminer.six is a PDF parser and analyzer. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the CMapDB.loaddata function. An attacker can execute arbitrary code by crafting a malicious PDF that references a specially crafted pickle file, which is...
OESA-2025-2620 poppler security update
Poppler is a free software utility library for rendering Portable Document Format (PDF) documents. Its development is supported by freedesktop.org. It is commonly used on Linux systems, and is used by the PDF viewers of the open source GNOME and KDE desktop environments. Security Fixes: An issue...
Security update for poppler
This update for poppler fixes the following issues: CVE-2025-43718: fixed uncontrolled recursion in the regex-based metadata parser when processing specially crafted PDF files (bsc1250908). Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: poppler (UTSA-2025-988617)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988617 advisory. An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead t...
Linux Distros Unpatched Vulnerability : CVE-2025-62707
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an...
EUVD-2018-8321
Malware in sbrugna...
EUVD-2018-11134
Malware in sbrugna...
EUVD-2023-38016
Malicious code in bioql PyPI...
EUVD-2025-26422
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2018-11254
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in PoDoFo 0.9.5. There is an Excessive Recursion in the PdfPagesTree::GetPageNode function of PdfPagesTree.cpp. Remote attackers could...
Linux Distros Unpatched Vulnerability : CVE-2021-31811
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox, a carefully crafted PDF file can trigger an OutOfMemory-Exception while loading the file. This issue affects Apache PDFBox version 2.0.23 and...
Linux Distros Unpatched Vulnerability : CVE-2021-31812
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Apache PDFBox, a carefully crafted PDF file can trigger an infinite loop while loading the file. This issue affects Apache PDFBox version 2.0.23 and prior...
OESA-2025-2037 poppler security update
is a PDF rendering library. Security Fixes: An issue in the pdfseparate utility of freedesktop poppler v25.04.0 allows attackers to cause an infinite recursion via supplying a crafted PDF file. This can lead to a Denial of Service (DoS). CVE-2025-50420...
SUSE CVE-2025-55197
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
Allocation of Resources Without Limits or Throttling
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the decompressed size for the FlateDecode filter. An attacker can caus...
Allocation of Resources Without Limits or Throttling
Overview: Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the PdfType::resolve which evaluates indirect and direct object references until a final value is reached. An attacker can cause memory exhaustion and crash the server by uploadin...
CVE-2023-24808
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DoS) vulnerability exists in the pdfio parser. Crafted PDF files can cause the program to run at 100% utilization and never terminate. The PDF which causes this crash found in testing is about 28...
SUSE CVE-2024-7018
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Medium...
DEBIAN-CVE-2024-20505
A vulnerability in the PDF parsing module of Clam AntiVirus ClamAV versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a...
DEBIAN-CVE-2024-7973
Heap buffer overflow in PDFium in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file. Chromium security severity: Medium...