VYPR

PDF Image

by PDF Image Project

Source repositories

CVEs (1)

  • CVE-2026-26830CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.02

    pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are…