CVE-2026-46529

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A single-click remote code execution vulnerability in versions prior to 1.26.3 and 1.28.4 allows an attacker to achieve arbitrary code execution as the user by tricking them into clicking a link inside...

UBUNTU-CVE-2026-42310

Pillow is a Python imaging library. From version 4.2.0 to before version 12.2.0, an attacker can supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This issue has been patched in version 12.2.0...

CVE-2026-40980

In Spring AI, a memory exhaustion vulnerability exists in the ForkPDFLayoutTextStripper when processing a malicious PDF. Affected versions are Spring AI 1.0.0–1.0.5 (fixed in 1.0.6) and 1.1.0–1.1.4 (fixed in 1.1.5). The CVSS data indicates availability impact is High, with network attack and low ...

Simply opening a PDF could trigger this Adobe Reader zero-day

Opening the wrong PDF in Adobe Reader was enough to let criminals quietly spy on your computer and unleash more attacks, even though everything looked normal. A researcher analyzed a malicious PDF and found that it abused a previously unknown flaw a “zero‑day” in Adobe Acrobat Reader. When a vict...

CVE-2025-69437

PublicCMS v5.202506.d and earlier is vulnerable to stored XSS. Uploaded PDFs can contain JavaScript payloads and bypass PDF security checks in the backend CmsFileUtils.java. If a user uploads a PDF file containing a malicious payload to the system and views it, the embedded JavaScript payload can...

Vulnerabilities fixed in Foxit Reader

Foxit has fixed vulnerabilities in Foxit Reader Specific to version 2025.1.0.27937. The vulnerabilities are in the way Foxit Reader handles PDF files. Malicious parties can exploit these vulnerabilities by tricking users into opening a malicious PDF file or visiting a malicious website, which can...

Autodesk Revit 缓冲区错误漏洞

Autodesk Revit is a suite of building information modeling software from Autodesk, Inc. in the United States. A security vulnerability exists in Autodesk Revit that originates from a malicious PDF file that causes memory corruption, which could lead to the execution of arbitrary code...

Vulnerability of the Adobe Acrobat browser extension developed by Microsoft Edge, allowing a hacker to execute arbitrary code

The vulnerability of the Adobe Acrobat browser extension for Microsoft Edge relates to the execution of operations beyond the buffer in memory. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created malicious PDF file...

PT-2022-26986 · Foxit · Foxit Pdf Reader

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader version 12.0.1.12430 Description: This issue allows remote attackers to disclose sensitive information on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious...

The vulnerability of Adobe Illustrator’s graphic editor arises from an operation that goes beyond buffer boundaries in memory, allowing attackers to gain unauthorized access to protected information.

The vulnerability of Adobe Illustrator’s graphic editor arises from an operation that goes beyond the buffer boundaries in memory. Exploiting this vulnerability can allow a malicious individual to gain unauthorized access to protected information through a specially crafted PDF file...

The vulnerabilities of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, and Adobe Acrobat 2020 are related to access to an uninitialized pointer, allowing attackers to execute arbitrary code.

The vulnerability of PDF viewing and editing programs such as Adobe Acrobat Document Cloud, Adobe Acrobat Reader Document Cloud, Adobe Acrobat 2017, Adobe Acrobat Reader 2017, Adobe Acrobat 2020, and Adobe Acrobat Reader 2020 is related to access to an uninitialized pointer. Exploiting this...

Mozilla: Malicious PDF can inject JavaScript into PDF Viewer

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...

Adobe Acrobat/Reader Memory Corruption Vulnerability (CNVD-2017-25779)

Adobe Reader/Acrobat is a popular application for working with PDF files. A memory corruption vulnerability exists in Adobe Reader/Acrobat. Allowing an attacker to construct a malicious PDF file and trick the user into parsing it could crash the application or execute arbitrary code...

Adobe Acrobat/Reader Memory Disclosure Vulnerability (CNVD-2015-06748)

Adobe Reader/Acrobat is a popular application for working with PDF files. A memory disclosure vulnerability exists in Adobe Reader/Acrobat. An attacker is allowed to construct a malicious PDF file and trick the user into parsing it, which can obtain sensitive memory information...

Adobe Acrobat/Reader Buffer Overflow Information Disclosure Vulnerability

Adobe Reader/Acrobat is a popular application for working with PDF files. An unspecified buffer overflow vulnerability exists in Adobe Reader/Acrobat. This allows an attacker to construct a malicious PDF file and trick the user into parsing it, which could crash the application or execute arbitra...

Adobe Acrobat/Reader Memory Corrupted Code Execution Vulnerability (CNVD-2015-06745)

Adobe Reader/Acrobat is a popular application for working with PDF files. An unspecified memory corruption vulnerability exists in Adobe Reader/Acrobat. The vulnerability allows an attacker to construct a malicious PDF file and trick the user into parsing it, which could crash the application or...

Adobe Acrobat/Reader Javascript API Execution Bypass Vulnerability (CNVD-2015-06691)

Adobe Reader/Acrobat is a popular application for working with PDF files. An unspecified security vulnerability exists in Adobe Reader/Acrobat. The vulnerability allows attackers to construct malicious PDF files and trick users into parsing them, which can bypass Javascript API implementation...