textract is vulnerable to OS Command Injection

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

CVE-2026-26831

textract through 2.5.0 is vulnerable to OS Command Injection via the file path parameter in multiple extractors. When processing files with malicious filenames, the filePath is passed directly to childprocess.exec in lib/extractors/doc.js, rtf.js, dxf.js, images.js, and lib/util.js with inadequat...

Linux Distros Unpatched Vulnerability : CVE-2017-15601

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In GNU Libextractor 1.4, there is a heap-based buffer overflow in the EXTRACTORpngextractmethod function in plugins/pngextractor.c, related to processiTXt and...

MAL-2025-24148 Malicious code in k8s-image-extractor (npm)

The package k8s-image-extractor was found to contain malicious code...

Malicious code in k8s-image-extractor (npm)

The package k8s-image-extractor was found to contain malicious code...

DEBIAN-CVE-2019-20093

The PoDoFo::PdfVariant::DelayedLoad function in PdfVariant.h in PoDoFo 0.9.6 allows remote attackers to cause a denial of service NULL pointer dereference via a crafted file, because of ImageExtractor.cpp...

Memory Corruption Vulnerability in iPubsoft PDF Image Extractor

iPubsoft PDF Image Extractor is a PDF processing tool. A memory corruption vulnerability exists in iPubsoft PDF Image Extractor, which can be exploited by attackers to crash the program by constructing malformed PDF files...