192 matches found
PT-2026-55311
Name of the Vulnerable Software and Affected Versions pdfcpu versions prior to 0.11.2 Description A denial-of-service issue exists where the parser descends recursively through nested PDF objects, including arrays, without enforcing a maximum nesting depth. This occurs within the ParseObjectConte...
GHSA-FHP4-PR5J-46M5 Muhammara has a NULL pointer dereference in LZWDecode filter when DecodeParms omits EarlyChange key
Summary A NULL pointer dereference vulnerability exists in PDFParser::CreateFilterForStream when processing a PDF stream with /Filter /LZWDecode and a /DecodeParms dictionary that does not contain the EarlyChange key. This causes an access violation 0xC0000005 and crashes the process. Affected...
MiracleLinux 3 : tetex-3.0-33.15.1.0.1.AXS3 (AXSA:2012-906:01)
The remote MiracleLinux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2012-906:01 advisory. TeTeX is an implementation of TeX for Linux or UNIX systems. TeX takes a text file and a set of formatting commands as input and creates a...
Exploit for Improper Restriction of XML External Entity Reference in Apache Tika
Apache Tika XXE Vulnerability Tester CVE-2025-54988 A compr...
Apache Tika has XXE vulnerability
Critical XXE in Apache Tika tika-core 1.13-3.2.1, tika-pdf-module 2.0.0-3.2.1 and tika-parsers 1.13-1.28.5 modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-54988...
EUVD-2025-34838
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...
EUVD-2020-27228
Malware in sbrugna...
EUVD-2018-1800
Malware in sbrugna...
EUVD-2021-0175
Malware in sbrugna...
EUVD-2018-1797
Malware in sbrugna...
EUVD-2010-3687
Malware in sbrugna...
EUVD-2018-1801
Malware in sbrugna...
EUVD-2011-3860
Malware in sbrugna...
EUVD-2010-3685
Malware in sbrugna...
EUVD-2018-1798
Malware in sbrugna...
XML External Entity Injection (XXE)
org.apache.tika, tika-parser-pdf-module is vulnerable to XML External Entity XXE injection. The vulnerability is due to improper handling of crafted XFA files inside PDFs, which allows an attacker to read sensitive data or trigger malicious requests to internal or third-party servers...
Linux Distros Unpatched Vulnerability : CVE-2015-8981
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the PdfParser::ReadXRefSubsection function in base/PdfParser.cpp in PoDoFo allows attackers to have unspecified impact via vectors...
Linux Distros Unpatched Vulnerability : CVE-2017-8378
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap-based buffer overflow in the PdfParser::ReadObjects function in base/PdfParser.cpp in PoDoFo 0.9.5 allows remote attackers to cause a denial of service...
ai.driftkit:driftkit-context-engineering-spring-ai-starter (>=0.6.0 <=0.8.7), ai.driftkit:driftkit-context-engineering-spring-boot-starter (>=0.5.0 <=0.8.7) +326 more potentially affected by CVE-2025-54988 via org.apache.tika:tika-parser-pdf-module (>=2.0.0-ALPHA <=3.2.1)
org.apache.tika:tika-parser-pdf-module MAVEN version =2.0.0-ALPHA, =0.6.0, =0.5.0, =0.7.0, =0.7.0, =0.5.0, =0.8.3, =0.8.3, =0.8.3, =0.5.0, =0.5.0, =1.2.0, =1.0.3.1-JDK21, =1.0.0, =1.0.0, =1.0, =1.4 and more Source cves: CVE-2025-54988 Source advisory: OSV:GHSA-P72G-PV48-7W9X...
CVE-2025-54988 Apache Tika PDF parser module: XXE vulnerability in PDFParser's handling of XFA
Critical XXE in Apache Tika tika-parser-pdf-module in Apache Tika 1.13 through and including 3.2.1 on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. An attacker may be able to read sensitive data or trigger malicious requests to...