UBUNTU-CVE-2026-10118

A flaw was found in Poppler's Splash backend. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when rendered, triggers an integer overflow in the tilingPatternFill function. This overflow leads to an undersized heap memory allocation, allowing a subsequent...

CVE-2026-10118

CVE-2026-10118 – Poppler Splash backend integer overflow : The vulnerability affects Poppler’s Splash backend, in the tilingPatternFill path, where crafted PDFs can trigger an integer overflow that yields an undersized heap allocation, enabling an out-of-bounds write. This can lead to arbitrary c...

Linux Distros Unpatched Vulnerability : CVE-2026-48156

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

DEBIAN-CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

CVE-2026-48155

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...

pypdf 安全漏洞

pypdf is an open-source, free, and pure Python PDF library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages of PDF files. Prior to version 6.12.0, pypdf had security vulnerabilities. These vulnerabilities stemmed from the use of cross-references involving valu...

Google Chrome 资源管理错误漏洞

Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 148.0.7778.216 contained a resource management vulnerability. This vulnerability stemmed from the Views component’s ability to re-use resources after release, potentially allowing remote attackers to exploi...

Debian dla-4597 : atril - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dla-4597 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-4597-1 [email protected] https://www.debian.org/lts/security/...

SUSE SLES15 Security Update : python-Pillow (SUSE-SU-2026:1842-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2026:1842-1 advisory. This update for python-Pillow fixes the following issue - CVE-2026-42310: infinite loop and resource exhaustion when processing specially crafted PDFs...

DHTMLX Gantt 路径遍历漏洞

DHTMLX Gantt is a JavaScript Gantt chart component developed by DHTMLX Corporation. It supports project planning, task scheduling, and timeline visualization. Versions of DHTMLX Gantt prior to 0.7.6 contained a path traversal vulnerability. This vulnerability stemmed from a lack of HTML cleaning,...

Unity Linux 20.1060e / 20.1070e Security Update: pdfbox (UTSA-2026-017627)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-017627 advisory. In Apache PDFBox 1.8.0 to 1.8.15 and 2.0.0RC1 to 2.0.11, a carefully crafted PDF file can trigger an extremely long running computation when parsing the page tree...

Pillow 安全漏洞

Pillow is an open-source image processing library developed by Pillow. Versions of Pillow from 4.2.0 to 12.2.0 contained security vulnerabilities. These vulnerabilities were due to malicious PDFs, which could cause processes to hang indefinitely, consume 100% of the CPU resources, and render the...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the pdfContext.setOption process. An attacker can access arbitrary files readable by the PHP worker by uploading a crafted PDF invoice template that triggers the embedding of file contents into the generated PDF...

External Control of File Name or Path

Overview Affected versions of this package are vulnerable to External Control of File Name or Path via the stampExpression and watermarkExpression parameters in the merge, split, and convert routes. An attacker can access the contents of arbitrary PDF files on the server by supplying a path to a...

Linux Distros Unpatched Vulnerability : CVE-2018-25306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge...

Astra Linux - уязвимость в firefox, thunderbird

An attacker could, through a specially crafted multipart response, execute arbitrary JavaScript under the resource://pdf.js origin. This would allow them to access cross-origin PDF content. This access is limited to “same site” documents due to the Site Isolation feature on desktop clients, but...

Astra Linux - уязвимость в imagemagick

ImageMagick versions before 6.9.11-40 and 7.x before 7.0.10-40 mishandle the -authenticate option, which allows setting a password for password-protected PDF files. The user-controlled password was not properly escaped/sanitized, allowing additional shell commands to be injected through...

CVE-2018-25306 PDFunite 0.41.0 Buffer Overflow via Malformed PDF

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

EUVD-2018-21827

PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF...

CVE-2018-25306

PDFunite 0.41.0 contains a local buffer overflow in processing malformed PDFs during merge, causing a segmentation fault via XRef::getEntry in libpoppler when a crafted PDF is merged. This is a local-impact vulnerability that can crash the pdfunite utility; exploitation details and a validated fi...