SUSE CVE-2026-12460

Insufficient policy enforcement in File System Access in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted PDF file. Chromium security severity: High...

CVE-2026-5287

The CVE-2026-5287 issue affects Google Chrome prior to 146.0.7680.178, caused by a use-after-free in the PDF handling path, allowing a remote attacker to execute arbitrary code within the browser sandbox via a crafted PDF. The connected sources corroborate this memory safety fault in Chrome/Chrom...

PT-2025-52674

Name of the Vulnerable Software and Affected Versions Umbraco CMS version 16.3.3 Description An arbitrary file upload issue exists in Umbraco CMS version 16.3.3. Attackers can potentially execute arbitrary code by uploading a specially crafted PDF file. The supplier disputes responsibility, stati...

CVE-2025-56526

CVE-2025-56526 concerns Kotaemon 0.11.0 and is described as a cross-site scripting (XSS) vulnerability. The issue allows an attacker to execute arbitrary code through a crafted PDF rendered by Kotaemon. The published descriptor includes a CVSS 3.1 base score of 6.1 (Medium) with network attack ve...

SUSE CVE-2007-6725

The CCITTFax decoding filter in Ghostscript 8.60, 8.61, and possibly other versions, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a crafted PDF file that triggers a buffer underflow in the cfdecode2d function...

SUSE CVE-2017-18267

The FoFiType1C::cvtGlyph function in fofi/FoFiType1C.cc in Poppler through 0.64.0 allows remote attackers to cause a denial of service infinite recursion via a crafted PDF file, as demonstrated by pdftops...

SUSE CVE-2018-16648

In Artifex MuPDF 1.13.0, the fzappendbyte function in fitz/buffer.c allows remote attackers to cause a denial of service segmentation fault via a crafted pdf file. This is caused by a pdf/pdf-device.c pdfdevalpha array-index underflow...

The vulnerability of the PDFium component in the Google Chrome browser allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the PDFium component in the Google Chrome browser relates to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information through a specially created PD...

多款Adobe产品缓冲区错误漏洞

Adobe Acrobat is a set of PDF file editing and conversion tools. The software is used to print, sign and annotate PDFs.Several Adobe products are vulnerable to an out-of-bounds reading vulnerability, which stems from a boundary error when processing PDF files. A remote attacker could use the...

多款Adobe产品缓冲区错误漏洞

Adobe Acrobat is a set of PDF file editing and conversion tools. The software is used to print, sign and annotate PDFs.Several Adobe products are vulnerable to an out-of-bounds read vulnerability, which stems from a boundary error when processing PDF files. A remote attacker could use the...

Adobe Acrobat and Reader 资源管理错误漏洞

Adobe Acrobat, a PDF file editing and conversion tool from Adobe, is vulnerable to a resource management error in Adobe Acrobat and Reader, which results from a post-release usage error when processing PDF files. A remote attacker could exploit the vulnerability to create a specially crafted PDF...

Adobe Acrobat Reader Dc 代码问题漏洞

Adobe Acrobat Reader Dc is a Pdf reading tool from Adobe USA. Used to reliably view, print and annotate Pdf documents. Adobe Acrobat Reader Dc has a code issue vulnerability that stems from a NULL pointer dereference error. A remote attacker could use the vulnerability to trick victims into openi...

多款Foxit产品资源管理错误漏洞

Foxit PhantomPDF and others are products of Foxit, a Chinese company.Foxit PhantomPDF is a PDF document reader.Foxit PDF Reader is a PDF reader.Foxit PDF Editor is a PDF editor. A resource management error vulnerability exists in multiple Foxit models, which stems from a failure to properly...

PT-2021-2326 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader DC versions 2020.013.20074 and earlier Acrobat Reader DC versions 2020.001.30018 and earlier Acrobat Reader DC versions 2017.011.30188 and earlier Description: The issue is related to a memory corruption vulnerability that can ...

USN-4646-1 poppler vulnerabilities

It was discovered that Poppler incorrectly handled certain files. If a user or automated system were tricked into opening a crafted PDF file, an attacker could cause a denial of service...

Buffer overflow vulnerability in multiple Apple products (CNVD-2020-65914)

Apple iOS is an operating system developed for mobile devices. apple tvOS is an operating system for smart TVs. tvOS is an operating system for smart TVs. A buffer overflow vulnerability exists in multiple Apple products, allowing remote attackers to exploit the vulnerability by submitting a...

CVE-2020-24409

Adobe Illustrator version 24.2 and earlier is affected by an out-of-bounds read vulnerability when parsing crafted PDF files. This could result in a read past the end of an allocated memory structure, potentially resulting in arbitrary code execution in the context of the current user. This...

The vulnerabilities of PDF viewing and editing programs like Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2015, and Adobe Acrobat Reader 2015 are related to memory usage after it is freed. This allows attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2015/Reader 2015 is related to the use of memory after it is freed. Exploiting this vulnerability can...

DEBIAN-CVE-2020-16305

A buffer overflow vulnerability in pcxwriterle in contrib/japanese/gdev10v.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51...

DEBIAN-CVE-2020-16295

A null pointer dereference vulnerability in cljmediasize in devices/gdevclj.c of Artifex Software GhostScript v9.50 allows a remote attacker to cause a denial of service via a crafted PDF file. This is fixed in v9.51...