VYPR

PDFTron SDK

by PDFTron

CVEs (4)

  • CVE-2022-39016HigOct 31, 2022
    risk 0.53cvss 8.2epss 0.00

    Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.

  • CVE-2021-40161HigDec 23, 2021
    risk 0.51cvss 7.8epss 0.01

    A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

  • CVE-2021-40160HigDec 23, 2021
    risk 0.51cvss 7.8epss 0.02

    PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.

  • CVE-2022-24960MedMar 10, 2022
    risk 0.42cvss 6.5epss 0.01

    A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.