CVE-2024-4367

Published: 14/05/2024 Updated: 14/05/2024

Vulnerability Summary

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Vendor Advisories

Mozilla Foundation Security Advisory 2024-22: Security Vulnerabilities fixed in Firefox ESR 115.11. Announced May 14, 2024. Impact: high. Products: Firefox ESR. Fixed in Firefox ESR 115.11 ...
Mozilla Foundation Security Advisory 2024-21: Security Vulnerabilities fixed in Firefox 126. Announced May 14, 2024. Impact: high. Products: Firefox. Fixed in Firefox 126 ...
Mozilla Foundation Security Advisory 2024-23: Security Vulnerabilities fixed in Thunderbird 115.11. Announced May 15, 2024. Impact: high. Products: Thunderbird. Fixed in Thunderbird 115.11 ...

Github Repositories

FishyPDF: FishyPDF is a viewer and analyzer for inspecting suspicious PDF files. It is based heavily on Mozilla's PDF.js with more secure defaults and some additional analysis features added. Code structure: since this project is a modified version of the original PDF.js web viewer, some of the code is hard to cleanly separate. The directory third_party/pdfjs/ contains a cop

CVE-2024-4367 arbitrary JS execution in PDF.js

CVE-2024-4367 POC. Usage: python poc.py malicious.pdf "alert\('S4vvy')". References: CVE-2024-4367: Arbitrary JS Execution in PDF.js; PDF.js

CVE-2024-4367, CVE-2024-34342 Proof of Concept

CVE-2024-4367: Arbitrary JavaScript execution in PDF.js. A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. If PDF.js is used to load a malicious PDF, and PDF.js is configured with isEvalSuppor

CVE-2024-4367 mitigation for Odoo 14.0

pdfjs_disable_eval: Module for disabling JavaScript evaluation in PDF.js. This works around the missing fix in Odoo 14.0 for CVE-2024-4367.

YARA detection rule for CVE-2024-4367 arbitrary JavaScript execution in PDF.js

Detect CVE-2024-4367: Quick-and-dirty YARA detection rule for CVE-2024-4367 arbitrary JavaScript execution in PDF.js. Usage: $ yara expl_pdfjs_cve_2024_4367.yar poc_generalized_CVE-2024-4367.pdf (output: EXPL_PDFJS_CVE_2024_4367 poc_generalized_CVE-2024-4367.pdf). Credits: POC and disclosure from codeanlabs.com/blog/research/cve-2024-4367-arbit