6 matches found
Use After Free
Overview: Affected versions of this package are vulnerable to Use After Free via the ReadDictionary function. An attacker can trigger application crashes or potentially execute arbitrary code by supplying a specially crafted PDF file. Remediation: There is no fixed version for podofo. References -...
Linux Distros Unpatched Vulnerability : CVE-2022-34503
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of...
UBUNTU-CVE-2021-25786
An issue discovered in QPDF version 10.0.4 allows remote attackers to execute arbitrary code via a crafted .pdf file passed to the Pl_ASCII85Decoder::write parameter in libqpdf...
DEBIAN-CVE-2023-33733
Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file...
PT-2018-3984 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 73.0.3683.75. Description: The issue is related to insufficient data validation in PDF files, which can allow a remote attacker to perform out of bounds memory access via a crafted PDF file. This can potentially...
CVE-2017-5036
A use after free in PDFium in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed a remote attacker to have an unspecified impact via a crafted PDF file...