113 matches found
CVE-2026-11670
Use after free in PDF in Google Chrome prior to 149.0.7827.103 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. Chromium security severity: High...
CVE-2026-11261
Inappropriate implementation in PDF in Google Chrome prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to perform UI spoofing via a crafted HTML page. Chromium security severity: Low...
SUSE-SU-2026:1842-1 Security update for python-Pillow
This update for python-Pillow fixes the following issue: CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs (bsc#1265154)...
UBUNTU-CVE-2026-40260
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...
CVE-2026-5894
Inappropriate implementation in PDF in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...
EUVD-2018-9432
Malware in sbrugna...
USN-7217-1 libpodofo vulnerabilities
It was discovered that the PoDoFo library could dereference a NULL pointer when getting the number of pages in a PDF. If a user or application were tricked into opening a crafted PDF file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.0...
CVE-2024-46952
An issue was discovered in pdf/pdf_xref.c in Artifex Ghostscript before 10.04.0. There is a buffer overflow during handling of a PDF XRef stream related to W array values...
CVE-2024-46952
CVE-2024-46952 affects Artifex Ghostscript before 10.04.0. The issue is a buffer overflow in the PDF processing path, specifically in pdf/pdf_xref.c during handling of a PDF XRef stream (related to W array values). The vulnerability is triggered when processing certain PDF cross-reference streams...
DEBIAN-CVE-2024-7018
Heap buffer overflow in PDF in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: Medium...
CVE-2024-27346
Kofax Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must...
CVE-2023-32385
A denial-of-service issue was addressed with improved memory handling. This issue is fixed in iOS 16.5 and iPadOS 16.5, macOS Ventura 13.4. Opening a PDF file may lead to unexpected app termination...
PT-2023-3625 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 114.0.5735.90. Description: The issue is related to a use after free in PDF handling, which could allow a remote attacker to potentially exploit heap corruption via a crafted PDF file. This could impact the...
UBUNTU-CVE-2023-1530
Use after free in PDF in Google Chrome prior to 111.0.5563.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
SUSE CVE-2015-3660
Cross-site scripting (XSS) vulnerability in the PDF functionality in WebKit in Apple Safari before 6.2.7, 7.x before 7.1.7, and 8.x before 8.0.7 allows remote attackers to inject arbitrary web script or HTML via a crafted URL in embedded PDF content...
DEBIAN-CVE-2022-3197
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...
UBUNTU-CVE-2022-3198
Use after free in PDF in Google Chrome prior to 105.0.5195.125 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. Chromium security severity: High...