Lucene search
K

3094 matches found

RedhatCVE
RedhatCVE
added yesterday5 views

CVE-2026-59936

A flaw was found in pypdf, a pure-Python PDF library. A remote attacker can craft a malicious PDF document containing an unterminated inline image within its page content stream. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop,...

8.7CVSS5.9AI score0.00301EPSS
Exploits0References7
CVE
CVE
added 2 days ago8 views

CVE-2026-59937

CVE-2026-59937 affects the Python PDF library pypdf prior to 6.14.0. A crafted PDF with repeated malformed cross-reference streams can cause pypdf to spend long runtimes recovering broken cross-reference table entries, resulting in high impact on availability. The issue is fixed in version 6.14.0...

7.5CVSS6AI score0.00301EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2 days ago5 views

PT-2026-56546

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.14.2 Description An attacker can craft a PDF file with a page content stream containing an unterminated inline image that utilizes ASCII85 or ASCIIHex filters. This leads to an infinite loop during the parsing process...

8.7CVSS6AI score0.00329EPSS
Exploits0References11
OSV
OSV
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References1
NVD
NVD
added 2026/07/01 11:16 p.m.7 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS0.00202EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/07/01 10:21 p.m.6 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

5.8AI score0.00202EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2026/07/01 10:21 p.m.13 views

CVE-2026-14404

CVE-2026-14404 affects Google Chrome via an incorrect implementation in PDFium, enabling a remote attacker to achieve UI spoofing through a crafted PDF file. The vulnerability is tied to Chrome versions before 150.0.7871.46 (Chromium security severity: Medium). The underlying root cause is an ina...

6.5CVSS5.8AI score0.00202EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/07/01 10:21 p.m.24 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

0.00202EPSS
Exploits0References2
Debian CVE
Debian CVE
added 2026/07/01 10:21 p.m.7 views

CVE-2026-14404

Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...

6.5CVSS5.8AI score0.00202EPSS
Exploits0
OSV
OSV
added 2026/06/30 11:17 p.m.3 views

DEBIAN-CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6.2AI score0.00259EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/30 10:39 p.m.6 views

CVE-2026-14108

Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

8.8CVSS6.2AI score0.00259EPSS
Exploits0
OSV
OSV
added 2026/06/30 10:16 p.m.6 views

DEBIAN-CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...

6.5CVSS5.7AI score0.00206EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/24 8:39 p.m.8 views

CVE-2026-54651

A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...

6.9CVSS5.8AI score0.00111EPSS
Exploits0References6
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.8 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 147.0.7727.101 allowed a remote attacker to execute arbitrary code within a sandbox through a crafted PDF file. Chromium security severity: High...

8.8CVSS7.9AI score0.00336EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.13 views

Astra Linux – Vulnerability in Chromium

A heap buffer overflow in PDFium in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...

8.8CVSS6.1AI score0.0025EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/23 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2026-49460

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

5.1CVSS5.8AI score0.00117EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/22 3:56 a.m.5 views

poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.3 views

Amazon Linux 2023 : compat-poppler22, compat-poppler22-cpp (ALAS2023-2026-1851)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1851 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...

7.8CVSS6.1AI score0.00252EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.7 views

Astra Linux – Vulnerability in GhostScript

A buffer overflow vulnerability exists in the cljmediasize function in devices/gdevclj.c within Artifex Ghostscript 9.50. This vulnerability allows remote attackers to cause a denial of service or other unspecified impacts by opening crafted PDF documents...

7.8CVSS7.4AI score0.00707EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.16 views

Astra Linux – Vulnerability in GhostScript

A divide-by-zero issue was discovered in epsprintpage within gdevepsn.c in Artifex Software GhostScript 9.50. This issue allows remote attackers to cause a denial of service by opening crafted PDF files...

5.5CVSS6.2AI score0.00619EPSS
Exploits1References2
Rows per page
Query Builder