8 matches found
ROOT-APP-NPM-CVE-2024-4367 CVE-2024-4367 in @rootio/pdfjs-dist - Patched by Root
Root has patched CVE-2024-4367 in the @rootio/pdfjs-dist package for Root:npm. Multiple fixed versions available...
Malicious code in pdfjs-dist-fourth (npm)
Source: amazon-inspector fcaf355459e8baaef860a557036e51431e6eb6c44dcba0e800579cf978f2f64d The package pdfjs-dist-fourth was found to contain malicious code. Source: ossf-package-analysis...
MAL-2026-1257 Malicious code in pdfjs-dist-fourth (npm)
Source: amazon-inspector fcaf355459e8baaef860a557036e51431e6eb6c44dcba0e800579cf978f2f64d The package pdfjs-dist-fourth was found to contain malicious code. Source: ossf-package-analysis...
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in pdfjs-dist
Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of pdfjs-dist. Vulnerability Details: CVEID: CVE-2024-4367. DESCRIPTION: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This...
Remote Code Execution (RCE)
pdfjs-dist is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the isEvalSupported setting defaulting to true, which allows unrestricted execution of attacker-controlled JavaScript within the hosting domain context...
@accoio/react-pdf-highlighter (>=2.0.0 <=2.0.1), @activelylearn/react-pdf (>=2.5.0 <=2.5.2) +97 more potentially affected by CVE-2018-5158 via pdfjs-dist (>=2.0.104 <=2.0.489)
pdfjs-dist NPM version =2.0.104, =2.0.0, =2.5.0, =1.0.32, =1.2.0, =15.0.0, =6.0.0, =39.0.0, =7.0.0, =110.0.0, =7.0.0, =6.0.0, =3.0.6, =8.0.0, =9.0.0, =4.0.9, =4.2.1 and more Source cves: CVE-2018-5158 Source advisory: OSV:GHSA-7JG2-JGV3-FMR4...
Code Injection
pdfjs-dist is vulnerable to code injection. It does not sufficiently sanitize PostScript calculator functions, which allows an attacker to inject malicious JavaScript through a crafted PDF file...
Cross-site Scripting (XSS)
Overview: pdfjs-dist is a Portable Document Format (PDF) library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting (XSS). The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through...