Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-pdf vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2021-38568
An issue exists in Foxit Reader and PhantomPDF prior to 10.1.4. It allows memory corruption during conversion of a PDF document to a different document format.
Foxitsoftware Foxit Reader
Foxitsoftware Phantompdf
NA
CVE-2014-0512
Adobe Reader 11.0.06 allows malicious users to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
Adobe Acrobat Reader 11.0.6
6.5
CVSSv3
CVE-2022-1067
Navigating to a specific URL with a patient ID number will result in the server generating a PDF of a lab report without authentication and rate limiting.
Lifepoint Patient Portal
NA
CVE-2009-5044
contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) prior to 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.
Apple Mac Os X
Gnu Groff 1.16.1
Gnu Groff 1.16
Gnu Groff 1.19.2
Gnu Groff 1.18.1
Gnu Groff 1.11a
Gnu Groff
Gnu Groff 1.19.1
Gnu Groff 1.20
Gnu Groff 1.19
Gnu Groff 1.14
Gnu Groff 1.17.2
Gnu Groff 1.10
Gnu Groff 1.17.1
Gnu Groff 1.11
Gnu Groff 1.15
7.8
CVSSv3
CVE-2012-2142
The error function in Error.cc in poppler prior to 0.21.4 allows remote malicious users to execute arbitrary commands via a PDF containing an escape sequence for a terminal emulator.
Freedesktop Poppler
Xpdfreader Xpdf 3.02
Redhat Enterprise Linux 5.0
Redhat Enterprise Linux 6.0
Opensuse Opensuse 12.2
9.8
CVSSv3
CVE-2018-21244
An issue exists in Foxit PhantomPDF prior to 8.3.6. It allows arbitrary application execution via an embedded executable file in a PDF portfolio, aka FG-VD-18-029.
Foxitsoftware Phantompdf
6.1
CVSSv3
CVE-2018-19289
An issue exists in Valine v1.3.3. It allows HTML injection, which can be exploited for JavaScript execution via an EMBED element in conjunction with a .pdf file.
Valine.js Valine 1.3.3
6.5
CVSSv3
CVE-2017-3115
Adobe Acrobat Reader 2017.009.20058 and previous versions, 2017.008.30051 and previous versions, 2015.006.30306 and previous versions, and 11.0.20 and previous versions has an information disclosure vulnerability when handling links in a PDF document.
Adobe Acrobat Dc
Adobe Acrobat Reader Dc
Adobe Acrobat
Adobe Reader
7.8
CVSSv3
CVE-2016-4059
Use-after-free vulnerability in Foxit Reader and PhantomPDF prior to 7.3.4 on Windows allows remote malicious users to execute arbitrary code via a crafted FlateDecode stream in a PDF document.
Foxitsoftware Foxit Reader
Foxitsoftware Phantompdf
NA
CVE-2015-3632
Foxit Reader, Enterprise Reader, and PhantomPDF prior to 7.1.5 allow remote malicious users to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
Foxitsoftware Phantompdf
Foxitsoftware Foxit Reader
Foxitsoftware Enterprise Reader
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »