CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

EUVD-2021-14301

Malware in sbrugna...

EUVD-2009-0789

Malware in sbrugna...

EUVD-2017-11959

Malware in sbrugna...

EUVD-2019-18915

Malware in sbrugna...

EUVD-2014-7794

Malware in sbrugna...

EUVD-2019-4789

Malware in sbrugna...

EUVD-2018-19138

Malware in sbrugna...

EUVD-2022-46120

Malicious code in bioql PyPI...

EUVD-2022-34737

Malicious code in bioql PyPI...

EUVD-2022-40814

Malicious code in bioql PyPI...

CVE-2011-4217

Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PDF document...

CVE-2020-6113

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for...

CVE-2020-6112

An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile which...

CVE-2022-3196

Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...

CVE-2018-7455

An out-of-bounds read in JPXStream::readTilePart in JPXStream.cc in xpdf 4.00 allows attackers to launch denial of service via a specific pdf file, as demonstrated by pdftohtml...

EUVD-2022-3126

The XML parsers in iText before 5.5.12 and 7.x before 7.0.3 do not disable external entities, which might allow remote attackers to conduct XML external entity XXE attacks via a crafted PDF...

Able2Extract and Able2Extract Server 6.0 - Memory Corruption

No description provided by source. Exploit Title: Able2Extract and Able2Extract Server v 6.0 Memory Corruption Date: June 24 2012 Exploit Author: Carlos Mario Penagos Hollmann Vendor Homepage: www.investintech.com Version:6.0 Tested on: Windows 7 CVE : cve-2011-4222 payload =A12000 crash=startxre...

Hacker Finds a Way to Exploit PDF Files, Without Vulnerability

SEE: Updated report with response from Adobe and FoxIt Software A security researcher has managed to create a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, coul...

New pdf 0day here-vulnerability warning-the black bar safety net

Source: alert7 Below this is old. http://insecureweb.com/%20/newish-web-based-pdf-attack-in-the-wild-with-real-exploit-code/ New pdf 0day here http://vrt-sourcefire.blogspot.com/2009/02/have-nice-weekend-pdf-love.html Maybe you read Michael Howard's twitter feed. If so, you may be wondering why y...