2 matches found
CVE-2026-33929
CVE-2026-33929 concerns Apache PDFBox Examples, specifically the ExtractEmbeddedFiles code path traversal. Affected: PDFBox 2.0.24–2.0.36 and 3.0.0–3.0.7. The vulnerability arises when extracting files, allowing write access to arbitrary paths if the user has write rights (examples mention /home/...
CVE-2026-23907
Summary (CVE-2026-23907) Apache PDFBox’s ExtractEmbeddedFiles example contained a path traversal vulnerability (CWE-22) where the filename from PDComplexFileSpecification.getFilename() was appended to the extraction path. Affected versions: 2.0.24–2.0.35 and 3.0.0–3.0.6. Subsequent releases 2.0.3...