3085 matches found
DEBIAN-CVE-2026-14404
Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...
CVE-2026-14404
Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...
CVE-2026-14404
Inappropriate implementation in PDFium in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to perform UI spoofing via a crafted PDF file. Chromium security severity: Medium...
CVE-2026-14404
CVE-2026-14404 affects Google Chrome via an incorrect implementation in PDFium, enabling a remote attacker to achieve UI spoofing through a crafted PDF file. The vulnerability is tied to Chrome versions before 150.0.7871.46 (Chromium security severity: Medium). The underlying root cause is an ina...
DEBIAN-CVE-2026-14108
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...
CVE-2026-14108
Use after free in PDFium in Google Chrome prior to 150.0.7871.47 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...
CVE-2026-54651
A flaw was found in pypdf. An attacker can craft a malicious PDF file that, when merged with threads or articles into a writer, can lead to an an infinite loop. This vulnerability can result in a Denial of Service DoS condition, making the affected system unresponsive. Mitigation If PDF processin...
Astra Linux – Vulnerability in Chromium
A heap buffer overflow in PDFium in Google Chrome prior to version 146.0.7680.153 allowed a remote attacker to potentially exploit heap corruption through a crafted PDF file. Chromium security severity: High...
Linux Distros Unpatched Vulnerability : CVE-2026-49460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...
poppler: Integer overflow in Poppler SplashOutputDev::tilingPatternFill leads to heap buffer overflow via unchecked dimension multiplication
A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...
Amazon Linux 2023 : compat-poppler22, compat-poppler22-cpp (ALAS2023-2026-1851)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1851 advisory. A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the...
Astra Linux – Vulnerability in GhostScript
A buffer overflow vulnerability exists in the cljmediasize function in devices/gdevclj.c within Artifex Ghostscript 9.50. This vulnerability allows remote attackers to cause a denial of service or other unspecified impacts by opening crafted PDF documents...
Astra Linux – Vulnerability in qpdf
A issue was discovered in QPDF version 10.0.4, allowing remote attackers to execute arbitrary code via a crafted .pdf file, through the PlASCII85Decoder::write parameter in libqpdf...
Astra Linux – Vulnerability in Poppler
A vulnerability was discovered in the freedesktop Poppler version 20.12.1. This vulnerability allows remote attackers to trigger a Denial-of-Service DoS attack through a crafted .pdf file, targeting the FoFiType1C::cvtGlyph function...
Astra Linux – Vulnerability in Chromium
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...
Astra Linux – Vulnerability in Chromium
Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...
Astra Linux – Vulnerability in poppler, poppler-22
Poppler prior to and including version 22.08.0 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIGStream.cc. Processing a specially crafted PDF file or JBIG2 image may lead to a crash or the execution of arbitrary code. This is similar to the vulnerability...
Astra Linux – Vulnerability in imagemagick
An integer overflow issue was discovered in ImageMagick’s ExportIndexQuantum function in MagickCore/quantum-export.c. Function calls to GetPixelIndex could result in values that are outside the representable range for ‘unsigned char’. When ImageMagick processes a specially crafted PDF file, this...
Astra Linux – Vulnerability in libpodofo
In PoDoFo 0.9.5, there exists an infinite loop vulnerability in PdfParserObject::ParseFileComplete in PdfParserObject.cpp, which may lead to a stack overflow. Remote attackers could exploit this vulnerability to cause a denial-of-service attack, or potentially cause other unspecified impacts...
Astra Linux – Vulnerability in Firefox and Thunderbird
If a user opens a specially crafted PDF file, the PDF reader may be tricked into leaking cross-origin information, when such information is served as chunked data. This vulnerability affects Firefox versions earlier than 85, Thunderbird versions earlier than 78.7, and Firefox ESR versions earlier...