65 matches found
Exploit for Injection in Traceroute_Project Traceroute
node-vulnerable This repository is a synthetic demo target...
📄 pdf-image 2.0.0 Command Injection
In pdf-image version 2.0.0, a security issue allows OS command injection when untrusted input is passed to the PDFImage constructor and later processed by methods such as getInfo...
DEBIAN-CVE-2026-3308
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...
CVE-2026-3308
An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...
📄 pdf-image 2.0.0 Command Injection
pdf-image through version 2.0.0 allows OS command injection via the pdfFilePath argument. The package builds shell command strings with util.format and executes them with childprocess.exec. If an application passes an attacker-controlled file path into PDFImage, shell metacharacters in that path...
GHSA-Q5MH-72XG-628W pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via...
@edropin/canvas (>=1.1.0 <=2.0.0), @launchtray/hatch-test-pdf (>=0.11.2 <=0.23.0-alpha.17) +15 more potentially affected by CVE-2026-26830 via pdf-image (>=1.1.0 <=2.0.0)
pdf-image NPM version =1.1.0, =1.1.0, =0.11.2, =0.2.0, =0.0.2, =0.13.0-beta.1, =0.0.2, =0.0.12, =0.19.5, =0.0.2, =0.1.1, =0.3.0, =0.1.1, =1.0.0, =1.0.0, =1.0.5 and more Source cves: CVE-2026-26830 Source advisory: OSV:GHSA-Q5MH-72XG-628W...
pdf-image has an OS Command Injection Vulnerability through its pdfFilePath parameter
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via...
EUVD-2026-15457
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...
CVE-2026-26830
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...
CVE-2026-26830
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...
CVE-2026-26830
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...
pdf-image 安全漏洞
pdf-image is a Node.js tool developed by Masafumi Oyamada for converting PDFs to PNG images. Versions of pdf-image 2.0.0 and earlier contain security vulnerabilities. These vulnerabilities stem from the fact that the pdfFilePath parameter is not verified, which may lead to OS command injection...
CVE-2026-26830
Summary of CVE-2026-26830 (pdf-image) : The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...
CVE-2026-26830
pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via childprocess.e...
Exploit for CVE-2026-26830
CVE-2026-26830: OS command injection in pdf-image Summary...
CVE-2023-40196
Unauth. Reflected Cross-Site Scripting XSS vulnerability in ImageRecycle ImageRecycle pdf & image compression plugin = 3.1.11 versions...
EUVD-2020-0787
Malware in sbrugna...
EUVD-2021-1188
Malware in sbrugna...
CVE-2024-9241
The PDF Image Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of addqueryarg without appropriate escaping on the URL in all versions up to, and including, 1.5.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in...