
215 matches found

Cvelist
added 2026/05/09 4:10 a.m., 33 views

CVE-2026-42310 Pillow: PDF Parsing Trailer Infinite Loop (DoS)

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVSS 5.1, EPSS 0.00012
Exploits: 0, References: 4

OSV
added 2026/04/17 1:2 p.m., 3 views

OESA-2026-1956 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

CVSS 7.8, AI score 6.2, EPSS 0.00074
Exploits: 0, References: 5

OSV
added 2026/04/17 1:2 p.m., 1 view

OESA-2026-1955 gimp security update

The GIMP is an image composition and editing program, which can be used for creating logos and other graphics for Web pages. The GIMP offers many tools and filters, and provides a large image manipulation toolbox, including channel operations and layers, effects, subpixel imaging and antialiasing...

CVSS 7.8, AI score 7.5, EPSS 0.00074
Exploits: 0, References: 5

RedHat Linux
added 2026/04/16 10:31 p.m., 2 views

perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This...

CVSS 9.8, AI score 6, EPSS 0.00035
Exploits: 0, References: 7

Tenable Nessus
added 2026/01/13 12:0 a.m., 1 view

MiracleLinux 9 : expat-2.5.0-5.el9_7.1 (AXSA:2025-11542:06)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-11542:06 advisory. expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing (CVE-2025-59375)...

CVSS 7.5, AI score 6, EPSS 0.00102
Exploits: 1, References: 2

CNVD
added 2026/01/09 12:0 a.m., 1 view

Soda PDF Desktop Out-of-Bounds Read Vulnerability

Soda PDF Desktop is a professional PDF processing software that integrates reading, editing, creating, converting and managing PDF documents. Soda PDF Desktop has an out-of-bounds read vulnerability that stems from a lack of validation of user-supplied data when parsing PDF files, which can be...

CVSS 5.5, AI score 5.9, EPSS 0.00021
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:32 a.m., 6 views

CVE-2019-16550

A cross-site request forgery vulnerability in a connection test form method in Jenkins Maven Release Plugin 0.16.1 and earlier allows attackers to have Jenkins connect to an attacker specified web server and parse XML documents...

CVSS 8.8, AI score 6.7, EPSS 0.00122
Exploits: 0, References: 1

RedhatCVE
added 2025/12/24 10:29 p.m., 2 views

CVE-2025-14410

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3, AI score 3.2, EPSS 0.00021
Exploits: 0, References: 1

RedhatCVE
added 2025/12/24 10:29 p.m., 3 views

CVE-2025-14409

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 7.9, EPSS 0.00056
Exploits: 0, References: 1

RedhatCVE
added 2025/12/24 10:29 p.m., 2 views

CVE-2025-14419

pdfforge PDF Architect PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of pdfforge PDF Architect. User interaction is required to exploit this vulnerability in that the target mu...

CVSS 7.8, AI score 7.9, EPSS 0.00049
Exploits: 0, References: 1

EUVD
added 2025/12/24 12:30 a.m., 1 view

EUVD-2025-204993

Soda PDF Desktop PDF File Parsing Memory Corruption Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3, AI score 5.2, EPSS 0.00019
Exploits: 0, References: 2

OSV
added 2025/12/23 10:15 p.m., 1 view

CVE-2025-14409

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must visit a...

CVSS 7.8, AI score 6.2
Exploits: 0, References: 1

OSV
added 2025/12/23 10:15 p.m., 0 views

CVE-2025-14408

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3, AI score 4.9, EPSS 0.00022
Exploits: 0, References: 1

Cvelist
added 2025/12/23 9:23 p.m., 18 views

CVE-2025-14410 Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Soda PDF Desktop PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Soda PDF Desktop. User interaction is required to exploit this vulnerability in that the target must...

CVSS 3.3, EPSS 0.00021
Exploits: 0, References: 1

CVE
added 2025/12/23 9:22 p.m., 8 views

CVE-2025-14421

pdfforge PDF Architect is affected by a PDF parsing out-of-bounds read information disclosure vulnerability (CVE-2025-14421). The flaw arises from insufficient validation of user-supplied data during PDF parsing, allowing reading past the end of an allocated object. Exploitation requires user int...

CVSS 5.5, AI score 3.2, EPSS 0.00019
Exploits: 0, References: 1, Affected Software: 1

CNNVD
added 2025/12/23 12:0 a.m., 0 views

Soda PDF Desktop Buffer Error Vulnerability

Soda PDF Desktop is a full-featured PDF editing software from Soda Canada. Soda PDF Desktop suffers from a buffer error vulnerability that stems from a lack of validation of user-supplied data when parsing PDF files, which could lead to out-of-bounds reads and information disclosure...

CVSS 5.5, AI score 4.3, EPSS 0.00021
Exploits: 0, References: 1

RedhatCVE
added 2025/12/20 8:14 a.m., 4 views

CVE-2025-66499

A heap-based buffer overflow vulnerability exists in the PDF parsing of Foxit PDF Reader when processing specially crafted JBIG2 data. An integer overflow in the calculation of the image buffer size may occur, potentially allowing a remote attacker to execute arbitrary code...

CVSS 7.8, AI score 7.9, EPSS 0.00047
Exploits: 0, References: 1

RedhatCVE
added 2025/12/20 7:11 a.m., 5 views

CVE-2025-66494

A use-after-free vulnerability exists in the PDF file parsing of Foxit PDF Reader before 2025.2.1, 14.0.1, and 13.2.1 on Windows. A PDF object managed by multiple parent objects could be freed while still being referenced, potentially allowing a remote attacker to execute arbitrary code...

CVSS 7.8, AI score 7.7, EPSS 0.00051
Exploits: 0, References: 1

CVE
added 2025/12/19 7:8 a.m., 9 views

CVE-2025-66494

CVE-2025-66494 is a Foxit PDF Reader use-after-free vulnerability in the PDF file parsing on Windows, affecting versions before 2025.2.1, 14.0.1 and 13.2.1. A PDF object managed by multiple parents could be freed while still referenced, potentially allowing remote code execution. Multiple sources...

CVSS 7.8, AI score 7.3, EPSS 0.00051
Exploits: 0, References: 1, Affected Software: 2

RedHat Linux
added 2025/12/09 8:32 a.m., 0 views

expat: heap-based buffer over-read via crafted XML input

In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read...

CVSS 7.5, AI score 6.9, EPSS 0.00203
Exploits: 1, References: 4