16 matches found
EUVD-2024-1756
Malicious code in bioql PyPI...
[SECURITY] Fedora 41 Update: php-tcpdf-6.9.1-1.fc41
PHP class for generating PDF documents. No external libraries are required for the basic functions; all standard page formats, custom page formats, custom margins and units of measure; UTF-8 Unicode and Right-To-Left languages; TrueTypeUnicode, OpenTypeUnicode, TrueType, OpenType, Type1 and CID-0...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-52800
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality...
CVE-2024-52800 Potential XXE (XML External Entity Injection) vulnerability in veraPDF CLI
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality...
SUSE-SU-2024:4054-1 Security update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop
This update for javapackages-tools, xmlgraphics-batik, xmlgraphics-commons, xmlgraphics-fop fixes the following issues: xmlgraphics-fop was updated from version 2.8 to 2.10: - Security issues fixed: CVE-2024-28168: Fixed improper restriction of XML External Entity (XXE) reference (bsc#1231428) -...
Fedora 40 : php-tcpdf (2024-afeeca72ce)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-afeeca72ce advisory. Version 6.7.7 (2024-10-26) - Update regular expression to avoid ReDoS (CVE-2024-22641) - PHP 8.4 Fix: Curl CURLOPT_BINARYTRANSFER deprecated 675 - SVG detection f...
CVE-2024-28109
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109
CVE-2024-28109 affects veraPDF-library, a PDF/A validation library. Executing policy checks with custom Schematron files triggers an XSL transformation, which can lead to a remote code execution (RCE). Impact is stated as high severity (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). The issue is...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
CVE-2024-28109 Potential XSLT injection vulnerability when using policy files
veraPDF-library is a PDF/A validation library. Executing policy checks using custom schematron files invokes an XSL transformation that could lead to a remote code execution (RCE) vulnerability. This vulnerability is fixed in 1.24.2...
veraPDF-library security vulnerability
veraPDF-library is an open source PDF/A validation library from veraPDF. A security vulnerability exists in veraPDF-library. Attackers can use the vulnerability to remotely execute code...
Adobe Digital Editions 4.5.0 - '.pdf' Critical Memory Corruption
Title: Adobe Digital Editions = 4.5.0 - Critical memory corruption Application: Adobe Digital Editions Version: 4.5.0 and earlier versions Platform: Windows, Macintosh, iOS and Android Software Link: http://www.adobe.com/solutions/ebook/digital-editions.html Date: March 8, 2016 CVE: CVE-2016-0954...
Adobe Digital Editions 4.5.0 - .pdf Critical Memory Corruption
Adobe Digital Editions 4.5.0 - .pdf Critical Memory Corruption Title: Adobe Digital Editions = 4.5.0 - Critical memory corruption Application: Adobe Digital Editions Version: 4.5.0 and earlier versions Platform: Windows, Macintosh, iOS and Android Software Link:...
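Adobe Digital Editions embedded font handling memory corruption vulnerability (CVE-2013-1377)
BUGTRAQ ID: 61528 CVE(CAN) ID: CVE-2013-1377 Adobe Digital Editions is software for reading and managing e-books and other digital publications, supporting industry-standard e-book formats such as PDF/A and EPUB. The rmsdkwrapper.dll module of Adobe Digital Editions 2.0.67532 mishandles the CVT program table of embedded font streams; an attacker can exploit this vulnerability to corrupt memory via a specially crafted font stream inside a PDF file. 0 Adobe Digital Editions 2.0.67532 Vendor patch: Adobe -----...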