EUVD-2018-21799

jiNa OCR Image to Text 1.0 contains a denial of service vulnerability that allows local attackers to crash the application by processing a malformed PNG file. Attackers can create a specially crafted PNG file with an oversized buffer and trigger the crash when the application attempts to convert...

CVE-2026-35458

Gotenberg is an API for converting document formats. In 8.29.1 and earlier, Gotenberg uses dlclark/regexp2 to compile user-supplied scope patterns without setting a proper timeout. Users with access to features using this logic can hang workers indefinitely...

EUVD-2026-19651

Gotenberg Vulnerable to ReDoS via extraHttpHeaders scope feature...

CVE-2026-27018

Gotenberg is an API for converting document formats. Prior to version 8.29.0, the fix introduced for CVE-2024-21527 can be bypassed using mixed-case or uppercase URL schemes. This issue has been patched in version 8.29.0...

CVE-2021-33793

Foxit Reader before 10.1.4 and PhantomPDF before 10.1.4 have an out-of-bounds write because the Cross-Reference table is mishandled during Office document conversion...

EUVD-2021-20470

Malware in sbrugna...

EUVD-2018-15719

Malware in sbrugna...

EUVD-2015-1991

Malware in sbrugna...

EUVD-2025-10987

Malicious code in bioql PyPI...

EUVD-2025-24187

Malicious code in bioql PyPI...

CVE-2025-30057

Technical details about CVE-2025-30057 are not publicly provided in the supplied documents. Monitor for updates when new information becomes available.

PT-2025-34852 · Uhcrtfdoc · Uhcrtfdoc

Name of the Vulnerable Software and Affected Versions: UHCRTFDoc affected versions not specified Description: The filename parameter in UHCRTFDoc can be exploited to execute arbitrary code through command injection into the system function call within the ConvertToPDF function. Recommendations: A...

CVE-2025-55151

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality /api/v1/convert/file/pdf uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process...

CVE-2025-55151

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, the "convert file to pdf" functionality /api/v1/convert/file/pdf uses LibreOffice's unoconvert tool for conversion, and SSRF vulnerabilities exist during the conversion process...

CVE-2025-55150

Stirling-PDF is a locally hosted web application that performs various operations on PDF files. Prior to version 1.1.0, when using the /api/v1/convert/html/pdf endpoint to convert HTML to PDF, the backend calls a third-party tool to process it and includes a sanitizer for security sanitization...

CVE-2021-38568

An issue was discovered in Foxit Reader and PhantomPDF before 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format...

CVE-2020-27603

BigBlueButton before 2.2.27 has an unsafe JODConverter setting in which LibreOffice document conversions can access external files...

CVE-2025-31497

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity XXE Injection vulnerability in its document conversion functionality. The service processes XML...

CVE-2025-31497

TEIGarage’s Document Conversion Service is affected by a critical XML External Entity (XXE) injection in versions prior to 1.2.4. The vulnerability arises because external entity processing is not disabled during XML processing, allowing an attacker to read arbitrary files from the server filesys...

CVE-2025-31497 TEIGarage XML External Entity (XXE) Injection in Document Conversion Service

TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity XXE Injection vulnerability in its document conversion functionality. The service processes XML...