3 matches found
CVE-2020-8132
The CVE-2020-8132 issue affects the npm package pdf-image (version where
CVE-2018-3757
pdf-image prior to 2.0.0 is vulnerable to command injection via an unescaped pdfFilePath parameter, enabling arbitrary shell commands to be executed (RCE). Impact is consistent with remote code execution if an attacker controls the input. The recommended remediation is to upgrade to version 2.0.0...
CVE-2026-26830
Summary of CVE-2026-26830 (pdf-image) : The npm package pdf-image (versions up to 2.0.0) is vulnerable to OS command injection through the pdfFilePath parameter. The functions constructGetInfoCommand and constructConvertCommandForPage interpolate user-controlled file paths into shell command stri...