Astra Linux – Vulnerability in Poppler

A vulnerability was discovered in the freedesktop Poppler version 20.12.1. This vulnerability allows remote attackers to trigger a Denial-of-Service DoS attack through a crafted .pdf file, targeting the FoFiType1C::cvtGlyph function...

CVE-2025-7002

CVE-2025-7002 is a heap buffer out-of-bounds read vulnerability in the Avira Antivirus engine when scanning a malformed PDF, potentially allowing local code execution or crashing the antivirus process. Affected products are Avira Antivirus engines on Windows, macOS, and Linux with builds prior to...

SUSE CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

SUSE CVE-2026-11307

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

CVE-2026-7315

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

DEBIAN-CVE-2026-11306

Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: Low...

DEBIAN-CVE-2026-10945

Use after free in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who convinced a user to engage in specific UI gestures to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVE-2026-11306

CVE-2026-11306 (Google Chrome) is a use-after-free in PDFium that allows a remote attacker to execute arbitrary code inside the sandbox via a crafted PDF file, affecting Chrome versions prior to 149.0.7827.53. The vulnerability is described across multiple sources as a PDFium issue leading to pot...

CVE-2026-11305

CVE-2026-11305 describes a use-after-free in PDFium used by Google Chrome prior to 149.0.7827.53, allowing remote code execution inside the sandbox via a crafted PDF file. Affected component: PDFium within Chrome/Chromium; vulnerability type: use-after-free. Impact as documented: high for confide...

EUVD-2026-33135

Use after free in Views in Google Chrome prior to 148.0.7778.216 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted PDF file. Chromium security severity: High...

ROS-20260515-73-0015

A vulnerability in the Google Chrome web browser is related to a buffer overflow in dynamic memory. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service using a specially crafted PDF file...

Astra Linux – Vulnerability in Chromium

Uninitialized data in PDFium in Google Chrome prior to 90.0.4430.72 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted PDF file...

CVE-2026-7315

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

CVE-2026-7315

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

CVE-2026-7315 eiceblue spire-pdf-mcp-server PDF File server.py get_pdf_path path traversal

A flaw has been found in eiceblue spire-pdf-mcp-server 0.1.1. This impacts the function getpdfpath of the file src/spirepdfmcp/server.py of the component PDF File Handler. Executing a manipulation of the argument filepath can lead to path traversal. The attack can be launched remotely. The exploi...

CVE-2026-7315

The CVE affects eiceblue spire-pdf-mcp-server v0.1.1 (PDF File Handler, get_pdf_path). A flaw allows path traversal via a manipulated filepath, enabling a remote attack. Exploit has been published; the project was informed early via an issue but has not responded. No remediation or patch version ...

CVE-2026-6306

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

CVE-2026-6305

Heap buffer overflow in PDFium in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...

Google Chrome 安全漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.101 contained a security vulnerability. This vulnerability stemmed from a heap buffer overflow in the PDFium component, which could allow a remote attacker to execute arbitrary code within a...

Vulnerability fixed in Adobe Acrobat

Adobe has fixed a vulnerability in Adobe Acrobat DC, Actobat Reader DC and Acrobat 2024. A malicious party can exploit the vulnerability to execute arbitrary code on the victim's system. To do this, the malicious party needs to get the victim to open a rogue PDF file. A rogue PDF file uploaded on...