22 matches found
CVE-2026-49461
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....
PT-2026-49730
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that causes excessive memory consumption. This occurs when extracting text from a page containing a form XObject a reusable PDF...
Linux Distros Unpatched Vulnerability : CVE-2017-5991
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdfrunxobject function in pdf-op-run.c encounters a NULL pointer...
Design/Logic Flaw
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...
CVE-2023-29206 org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins
XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a...
GHSA-9HQH-FMHG-VQ2J Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml
Impact Any user with the right to edit his personal page can follow one of the scenario below: Scenario 1: - Log in as a simple user with just edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page any image is fine - Clic...
CVE-2021-39843 Adobe Acrobat Reader XObject Out-of-Bound Write Vulnerability
Acrobat Reader DC versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
CVE-2020-11493
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...
Design/Logic Flaw
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...
CVE-2020-11493
In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject...
SRC-2020-00 : Foxit Reader XObject Stream Uninitialized Object Information Disclosure Vulnerability
Vulnerability Details: This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exis...
UBUNTU-CVE-2017-5991
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdfrunxobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fzpaintpixmapwithmask painting operation. Versions 1.11 and later are unaffected...
PT-2017-16811 · Artifex +1 · Mupdf +1
Name of the Vulnerable Software and Affected Versions: Artifex MuPDF versions prior to 1912de5f08e90af1d9d0a9791f58ba3afdb9d465 Artifex MuPDF versions prior to 1.11 Description: An issue was discovered in the pdf run xobject function in pdf-op-run.c, which encounters a NULL pointer dereference...
Adobe Reader DC XObject stream Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing o...
Adobe Acrobat Pro DC XObject stream Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Pro DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within handling of...
Adobe Reader DC 15.010.20060 - Memory Corruption
Adobe Reader DC 15.010.20060 - Memory Corruption Title: Adobe Reader DC = 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10,...
Adobe Reader DC 15.010.20060 - Memory Corruption
Exploit for multiple platform in category dos / poc Title: Adobe Reader DC = 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10...
Adobe Reader DC 15.010.20060 - Memory Corruption
Title: Adobe Reader DC = 15.010.20060 - Memory corruption Application: Adobe Reader DC Version: 15.010.20060 and earlier versions Platform: Windows and Macintosh Software Link: https://acrobat.adobe.com/ca/fr/acrobat/pdf-reader.html Date: May 10, 2016 CVE: CVE-2016-1077 Author: Pier-Luc Maltais...
Adobe Reader DC XObject Image Parsing Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
PDF Shaper Buffer Overflow
This module requires Metabuffer: http://metabuffer.com/download Current source: https://github.com/rapid7/metabuffer-framework require 'msf/core' class Metasploit3 'PDF Shaper Buffer Overflow', 'Description' = %q PDF Shaper is prone to a security vulnerability when processing PDF files. The...