
22 matches found

OSV
added 2026/05/07 12:59 a.m. | 1 views

GHSA-3CV5-Q585-H563 Gotenberg has arbitrary PDF read via stampExpression and watermarkExpression in merge, split, and convert routes

Summary: Six conversion routes (pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown) accept stampSource=pdf + stampExpression=/path and watermarkSource=pdf + watermarkExpression=/path from anonymous callers. The dedicated...

CVSS 5.3 | AI score 5.9 | EPSS 0.00076
Exploits 1 | References 3
CNVD
added 2026/04/16 12:0 a.m. | 0 views

Google Chrome PDFium Component Heap Buffer Overflow Vulnerability

Google Chrome is a web browser from Google, an American company. A heap buffer overflow vulnerability exists in the PDFium component of Google Chrome, which can be exploited by an attacker to execute arbitrary code in the sandbox via specially crafted PDF files...

CVSS 8.3 | AI score 6.3 | EPSS 0.00026
Exploits 0
RedhatCVE
added 2026/03/06 9:21 a.m. | 6 views

CVE-2026-28804

A flaw was found in pypdf, a pure-python PDF library. A remote attacker can exploit this vulnerability by crafting a malicious PDF file that utilizes the /ASCIIHexDecode filter. Processing this specially crafted PDF can lead to excessively long runtimes, resulting in a Denial of Service (DoS) for t...

CVSS 6.9 | AI score 5.8 | EPSS 0.00017
Exploits 0 | References 7
CNNVD
added 2025/12/29 12:0 a.m. | 2 views

MachSol MachPanel Security Vulnerability

MachSol MachPanel is a cloud automation control panel and billing platform from US-based MachSol. A security vulnerability exists in MachSol MachPanel version 8.0.32, which stems from mishandling of specially crafted PDF files and could lead to the execution of arbitrary web script or HTML...

CVSS 6.1 | AI score 6 | EPSS 0.0002
Exploits 0 | References 3
Vulnrichment
added 2025/08/20 3:33 p.m. | 3 views

CVE-2011-10030 Foxit PDF Reader < 4.3.1.0218 JavaScript File Write

Foxit PDF Reader 4.3.1.0218 exposes a JavaScript API function, createDataObject, that allows untrusted PDF content to write arbitrary files anywhere on disk. By embedding a malicious PDF that calls this API, an attacker can drop executables or scripts into privileged folders, leading to code...

CVSS 8.4 | AI score 7.6 | EPSS 0.03664
Exploits 0 | References 5
CNNVD
added 2025/03/03 12:0 a.m. | 1 views

Apryse WebViewer Cross-Site Scripting Vulnerability

Apryse WebViewer is a web browser from Apryse Corporation. A security vulnerability exists in Apryse WebViewer v11.1 and prior versions that originates from cross-site scripting in the rendering engine component that allows execution of arbitrary code via specially crafted PDF files...

CVSS 5.4 | AI score 6.7 | EPSS 0.0022
Exploits 1 | References 3
CNNVD
added 2024/05/14 12:0 a.m. | 1 views

KioWare Security Vulnerability

KioWare is a suite of self-service terminal browser software. The software has the ability to restrict end-user access to specific interfaces. A security vulnerability exists in KioWare 8.34 and earlier versions, which allows breaking out of the environment by...

CVSS 8.4 | AI score 6.4 | EPSS 0.00084
Exploits 0 | References 5
ATTACKERKB
added 2023/11/22 6:15 p.m. | 2 views

CVE-2023-47251

In mprivacy-tools before 2.0.406g in m-privacy TightGate-Pro Server, a Directory Traversal in the print function of the VNC service allows authenticated attackers with access to a VNC session to automatically transfer malicious PDF documents by moving them into the .spool directory, and then...

CVSS 6.5 | AI score 5.8 | EPSS 0.00556
Exploits 2 | References 6
SUSE CVE
added 2023/02/15 6:11 a.m. | 3 views

SUSE CVE-2007-4352

Array index error in the DCTStream::readProgressiveDataUnit method in xpdf/Stream.cc in Xpdf 3.02pl1, as used in poppler, teTeX, KDE, KOffice, CUPS, and other products, allows remote attackers to trigger memory corruption and execute arbitrary code via a crafted PDF file...

CVSS 7.6 | AI score 7.9 | EPSS 0.25469
Exploits 1 | References 4
CNNVD
added 2023/01/26 12:0 a.m. | 1 views

PDF-XChange Editor Buffer Error Vulnerability

Tracker Software PDF-XChange Editor is a suite of software for viewing and editing PDF format files from Tracker Software, a Canadian company. A buffer error vulnerability exists in PDF-XChange Editor that stems from problems parsing certain PDF files...

CVSS 7.8 | AI score 7.5 | EPSS 0.00285
Exploits 0 | References 4
OSV
added 2022/05/11 6:15 p.m. | 1 views

CVE-2022-28234

Acrobat Reader DC versions 22.001.20085 and earlier, 20.005.3031x and earlier and 17.012.30205 and earlier is affected by a heap-based buffer overflow vulnerability due to insecure handling of a crafted .pdf file, potentially resulting in arbitrary code execution in the context of the current use...

CVSS 7.8 | AI score 7.8 | EPSS 0.0376
Exploits 0 | References 1
OSV
added 2021/03/22 5:15 p.m. | 1 views

CVE-2021-27595

When a user opens manipulated Portable Document Format (.PDF) files received from untrusted sources in SAP 3D Visual Enterprise Viewer, the application crashes and becomes temporarily unavailable to the user until restart of the application...

CVSS 3.3 | AI score 5.8 | EPSS 0.00137
Exploits 0 | References 2
RedHat Linux
added 2020/09/29 7:37 p.m. | 2 views

poppler: divide-by-zero in function SplashOutputDev::tilingPatternFill in SplashOutputDev.cc

A divide-by-zero error was found in the way Poppler handled certain PDF files. A remote attacker could exploit this flaw by providing a malicious PDF file that, when processed by an application linked to Poppler, would crash the application causing a denial of service...

CVSS 7.5 | AI score 5.8 | EPSS 0.01932
Exploits 1 | References 4
CNVD
added 2018/09/07 12:0 a.m. | 2 views

Google Chrome PDFium Buffer Overflow Vulnerability

Google Chrome is a web browser developed by Google, a United States company. PDFium is an open source PDF rendering engine. A buffer overflow vulnerability exists in PDFium in versions prior to Google Chrome 69.0.3497.81, which stems from the program's failure to perform boundary...

CVSS 8.8 | AI score 8.9 | EPSS 0.00614
Exploits 0 | References 1
Snyk
added 2017/09/17 11:29 p.m. | 1 views

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation. In Poppler 0.59.0, a floating point exception occurs in Splash::scaleImageYuXd in Splash.cc, which may lead to a potential attack when handling malicious PDF files. Remediation: There is no fixed version for...

CVSS 7.8 | AI score 6.8 | EPSS 0.00223
Exploits 1 | References 2
CNVD
added 2017/08/30 12:0 a.m. | 2 views

QPDF Denial of Service Vulnerability (CNVD-2017-30595)

QPDF is a content-preserving PDF conversion system. The QPDF tokenizer implementation has a security vulnerability that allows remote attackers to build special PDF files that, when users are induced to parse them, can be used for denial-of-service attacks...

CVSS 7.8 | AI score 7.5 | EPSS 0.01841
Exploits 0 | References 1
CNVD
added 2016/09/13 12:0 a.m. | 2 views

Adobe Digital Editions Remote Code Execution Vulnerability (CNVD-2016-07527)

Adobe Digital Editions is an eBook reading management tool developed by Adobe. Adobe Digital Editions has a security vulnerability: carefully constructed PDF files can make Adobe Digital Editions trigger a memory corruption vulnerability, and an attacker can take advantage of this vulnerability in th...

CVSS 10 | AI score 7.6 | EPSS 0.02603
Exploits 0 | References 1
CNVD
added 2016/09/13 12:0 a.m. | 3 views

Adobe Digital Editions Remote Code Execution Vulnerability (CNVD-2016-07529)

Adobe Digital Editions is an eBook reading management tool developed by Adobe. Adobe Digital Editions has a security vulnerability: carefully constructed PDF files can make Adobe Digital Editions trigger a memory corruption vulnerability, and an attacker can take advantage of this vulnerability in th...

CVSS 10 | AI score 7.6 | EPSS 0.02603
Exploits 0 | References 1
CNVD
added 2015/05/14 12:0 a.m. | 1 views

Unspecified Memory Leakage Vulnerability in Adobe Reader/Acrobat

Adobe Reader/Acrobat are popular applications for processing PDF files. A memory disclosure vulnerability exists in Adobe Reader/Acrobat's handling of special PDF files, which allows remote attackers to build malicious files that can be parsed by the user and can be...

CVSS 5 | AI score 6.6 | EPSS 0.0494
Exploits 0 | References 1
RedHat Linux
added 2010/05/06 7:3 p.m. | 3 views

PDF JBIG2 multiple input validation flaws

Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file...

CVSS 6.8 | AI score 6.2 | EPSS 0.08985
Exploits 1 | References 4