8 matches found
CVE-2018-18689
CVE-2018-18689 describes a Signature Wrapping issue in PDF signature validation caused by missing guidance in the PDF spec, allowing attackers to manipulate /ByteRange and xref without detection. The vulnerability affects Foxit Reader before 9.4 and PhantomPDF before 8.3.9 and 9.x before 9.4, as ...
CVE-2018-19150
CVE-2018-19150 affects pdfforge PDF Architect 6. The vulnerability is a memory corruption in PDMODELProvidePDModelHFT inside pdmodel.dll caused by Data from Faulting Address controls Code Flow, allowing remote attackers to cause a denial of service (application crash) and possibly other impact. T...
CVE-2025-14416
The CVE-2025-14416 issue affects pdfforge PDF Architect and stems from the DOC file processing path that allows dangerous script execution without user warning. This enables remote code execution with the user’s privileges when a target visits a malicious page or opens a malicious file, requiring...
CVE-2025-14419
The CVE-2025-14419 issue affects pdfforge PDF Architect and is due to improper validation during PDF file parsing, causing memory corruption and potential remote code execution. Exploitation requires user interaction (visit a malicious page or open a malicious file). The vulnerability is confirme...
CVE-2025-14417
The CVE-2025-14417 vulnerability affects pdfforge PDF Architect, specifically the Launch action. The issue allows remote code execution when a user visits a crafted page or opens a malicious file, due to executing dangerous scripts without a user warning. The attack requires user interaction and ...
CVE-2025-14420
pdfforge PDF Architect is affected by a CBZ file parsing directory traversal vulnerability that leads to Remote Code Execution. The flaw arises from insufficient validation of a user-supplied path before file operations, allowing an attacker to execute code in the context of the current user afte...
CVE-2025-14421
pdfforge PDF Architect is affected by a PDF parsing out-of-bounds read information disclosure vulnerability (CVE-2025-14421). The flaw arises from insufficient validation of user-supplied data during PDF parsing, allowing reading past the end of an allocated object. Exploitation requires user int...
CVE-2025-14418
pdfforge PDF Architect is affected by a vulnerability in XLS file processing that allows remote code execution when a user opens a malicious file or visits a malicious page. The flaw stems from executing dangerous scripts without sufficient UI warnings, enabling code execution under the current u...