29 matches found
CVE-2026-44348
PoDoFo is a C++17 PDF manipulation library. From 1.0.0 to before 1.0.4, a double-free vulnerability exists in computehashtosign in src/podofo/private/OpenSSLInternalRipped.cpp. If EVP_DigestFinal fails after buf has already been freed, the Error label frees buf a second time, causing heap...
EUVD-2023-1823
Malicious code in bioql PyPI...
EUVD-2022-53438
Malicious code in bioql PyPI...
CVE-2022-26109
When a user opens a manipulated Portable Document Format .pdf, PDFView.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...
USN-7217-1: PoDoFo library vulnerabilities
It was discovered that the PoDoFo library could dereference a NULL pointer when getting the number of pages in a PDF. If a user or application were tricked into opening a crafted PDF file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.0...
Schweizerische Steuerkonferenz SSK eSteuerauszug Security Vulnerability
Schweizerische Steuerkonferenz SSK eSteuerauszug is an electronic tax form standard from the Swiss team at Schweizerische Steuerkonferenz SSK. A security vulnerability in Schweizerische Steuerkonferenz SSK eSteuerauszug, which stems from an improperly set default setting in DocumentBuilder, could...
CVE-2023-46250 pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affec...
QPDF Command Injection Vulnerability
QPDF is a software application: a C++ library and a set of programs to inspect and manipulate the structure of PDF files. A security vulnerability exists in all versions of QPDF, which stems from the inability of the encrypt method to filter parameters, resulting in a command injection...
CVE-2023-36810
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of t...
CVE-2023-36807 Infinite Loop when reading malformed objects in pypdf
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...
Stack overflow
Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format .pdf, PDFPublishing.dll file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible that a Remote Code Execution can be triggered when the payload forces a...
Design/Logic Flaw
Due to lack of proper memory management, when a victim opens a manipulated Portable Document Format .pdf, PDFPublishing.dll file received from untrusted sources in SAP 3D Visual Enterprise Author - version 9, it is possible for the application to crash and become temporarily unavailable to the use...
CVE-2022-26109
When a user opens a manipulated Portable Document Format .pdf, PDFView.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2022-26109
When a user opens a manipulated Portable Document Format .pdf, PDFView.x3d received from untrusted sources in SAP 3D Visual Enterprise Viewer - version 9.0, the application crashes and becomes temporarily unavailable to the user until restart of the application...
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-4bf9909a76)
The remote host is missing an update for the Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-4bf9909a76)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-d97bc581be)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora: Security Advisory for python-pikepdf (FEDORA-2021-5e598049a1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-27595
When a user opens manipulated Portable Document Format .PDF files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...
CVE-2021-27595
When a user opens manipulated Portable Document Format .PDF files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...