
14 matches found

OSV
added 2026/03/20 8:45 p.m. · 0 views

GHSA-PGX6-7JCQ-2QFF PDFME has SSRF via Unvalidated URL Fetch in `getB64BasePdf` When `basePdf` Is Attacker-Controlled

Summary: The getB64BasePdf function in @pdfme/common fetches arbitrary URLs via fetch without any validation when basePdf is a non-data-URI string and window is defined. An attacker who can control the basePdf field of a template, e.g., through a web application that accepts user-supplied templates...

CVSS 6.8 · AI score 6
Exploits 0 · References 2
CVE
added 2025/11/10 9:58 p.m. · 18 views

CVE-2025-64512

pdfminer.six contains an insecure deserialization vulnerability in the CMap loading path. The library uses pickle.loads() to deserialize CMap cache files; a malicious PDF can cause execution of code by pointing to a crafted .pickle.gz in the cmap directory. Affected releases are before the upstre...

CVSS 8.6 · AI score 7 · EPSS 0.00143
Exploits 1 · References 5 · Affected Software 1
EUVD
added 2025/11/07 8:52 p.m. · 1 views

EUVD-2025-38315

Arbitrary Code Execution in pdfminer.six via Crafted PDF Input...

AI score 6.7
Exploits 0 · References 3
EUVD
added 2025/10/03 8:07 p.m. · 2 views

EUVD-2025-31647

Malicious code in bioql PyPI...

CVSS 5.1 · AI score 6.3 · EPSS 0.0002
Exploits 0 · References 3
NVD
added 2025/09/29 10:15 p.m. · 3 views

CVE-2025-59933

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines...

CVSS 7.8 · EPSS 0.0002
Exploits 0 · References 5
OSV
added 2025/09/29 10:15 p.m. · 0 views

UBUNTU-CVE-2025-59933

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines...

CVSS 7.8 · AI score 6.1 · EPSS 0.0002
Exploits 0 · References 4
Debian CVE
added 2025/09/29 10:04 p.m. · 8 views

CVE-2025-59933

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines...

CVSS 7.8 · AI score 5.6 · EPSS 0.0002
Exploits 0
Tenable Nessus
added 2025/09/05 12:00 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-2971

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Out-of-bounds array write in Xpdf 4.05 and earlier, triggered by a negative object number in an indirect reference in the input PDF file. CVE-2024-2971 Note that...

CVSS 5.5 · AI score 5.9 · EPSS 0.0002
Exploits 0 · References 2
Tenable Nessus
added 2025/08/27 12:00 a.m. · 1 views

Linux Distros Unpatched Vulnerability : CVE-2022-30775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by, for example, sending a crafted PDF document to the pdftoppm...

CVSS 5.5 · AI score 6.7 · EPSS 0.0022
Exploits 1 · References 2
Positive Technologies
added 2024/01/27 12:00 a.m. · 3 views

PT-2024-1464 · Postman · Postman

Name of the Vulnerable Software and Affected Versions: Postman versions 10.22 and earlier. Description: The issue allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. It is related to a buffer overflow when handling PDF files without...

CVSS 9.8 · AI score 8.8 · EPSS 0.12747
Exploits 1 · References 9
OSV
added 2022/05/16 3:15 a.m. · 0 views

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by, for example, sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the -DCMAKE_CXX_COMPILER=afl-clang-fast++ option...

CVSS 5.5 · AI score 5.8
Exploits 0 · References 1
UbuntuCve
added 2022/05/16 3:15 a.m. · 27 views

CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by, for example, sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the -DCMAKE_CXX_COMPILER=afl-clang-fast++ option...

CVSS 5.5 · AI score 6.8 · EPSS 0.0022
Exploits 1 · References 2
OSV
added 2022/05/16 3:15 a.m. · 0 views

UBUNTU-CVE-2022-30775

xpdf 4.04 allocates excessive memory when presented with crafted input. This can be triggered by, for example, sending a crafted PDF document to the pdftoppm binary. It is most easily reproduced with the -DCMAKE_CXX_COMPILER=afl-clang-fast++ option...

CVSS 5.5 · AI score 6.8 · EPSS 0.0022
Exploits 1 · References 3
Exploit DB
added 2013/11/28 12:00 a.m. · 67 views

Adobe Acrobat Reader - ASLR + DEP Bypass with Sandbox Bypass

CVE-2013-0640/1 Somehow, our script got onto the Russian forums :/ @w3bd3vil and @abh1sek Exploit-DB Mirror: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/29881.tar.gz Adobe Acrobat Reader ASLR/DEP bypass Exploit with SANDBOX BYPASS...

CVSS 9.3 · AI score 8 · EPSS 0.92254
Exploits 4