
6 matches found

EUVD
added 2026/03/25 3:31 p.m. · 1 view

EUVD-2026-15457

pdf-image npm package through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format to interpolate user-controlled file paths into shell command strings that are executed via child_process.e...

9.8 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits 4 · References 4
CVE
added 2026/03/25 12:0 a.m. · 9 views

CVE-2026-26830

Summary of CVE-2026-26830 (pdf-image): The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...

9.8 CVSS · 5.8 AI score · 0.00292 EPSS
Exploits 4 · References 3 · Affected Software 1
OSSF Malicious Packages
added 2024/10/16 1:41 p.m. · 2 views

Malicious code in util-format-url (npm)

--- -= Per source details. Do not edit below this line.=-...

7 AI score
Exploits 0
OSV
added 2022/04/15 6:15 p.m. · 0 views

DEBIAN-CVE-2021-44502

An issue was discovered in FIS GT.M through V7.0-000 related to the YottaDB code base. Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c...

7.5 CVSS · 7.4 AI score · 0.00161 EPSS
Exploits 0 · References 1
Positive Technologies
added 2022/04/15 12:0 a.m. · 2 views

PT-2022-12149 · Fis +3 · Fis Gt.M +3

Name of the Vulnerable Software and Affected Versions: FIS GT.M versions prior to V7.0-000. Description: An issue was discovered related to the YottaDB code base. Using crafted input, an attacker can control the size of a memset that occurs in calls to util_format in sr_unix/util_output.c...

7.5 CVSS · 7.6 AI score · 0.00291 EPSS
Exploits 0 · References 28
CNNVD
added 2022/04/15 12:0 a.m. · 4 views

FIS GT.M Security Vulnerability

FIS GT.M is a database platform. A security vulnerability exists in versions of FIS GT.M prior to V7.0-000, which can be exploited by an attacker to control the size of the memory set that appears when calling util_format in sr_unix/util_output...

7.5 CVSS · 5.6 AI score · 0.00161 EPSS
Exploits 0 · References 4