VYPR

Pdfium

by Google

CVEs (31)

  • CVE-2016-5140CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

  • CVE-2026-11306HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11305HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11304HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-11303HigJun 5, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted PDF file. (Chromium security severity: Low)

  • CVE-2026-9958HigMay 28, 2026
    risk 0.57cvss 8.8epss 0.00

    Use after free in PDFium in Google Chrome prior to 148.0.7778.216 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. (Chromium security severity: High)

  • CVE-2017-15411HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-15410HigAug 28, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5127HigFeb 7, 2018
    risk 0.57cvss 8.8epss 0.02

    Use after free in PDFium in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2017-5111HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 61.0.3163.79 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit memory corruption via a crafted PDF file.

  • CVE-2017-5108HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.01

    Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file.

  • CVE-2017-5095HigOct 27, 2017
    risk 0.57cvss 8.8epss 0.02

    Stack overflow in PDFium in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to potentially exploit stack corruption via a crafted PDF file.

  • CVE-2016-5211HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.01

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2016-5210HigJan 19, 2017
    risk 0.57cvss 8.8epss 0.02

    Heap buffer overflow during TIFF image parsing in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.

  • CVE-2016-5184HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android incorrectly handled object lifecycles in CFFL_FormFillter::KillFocusForAnnot, which allowed a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5183HigDec 18, 2016
    risk 0.57cvss 8.8epss 0.01

    A heap use after free in PDFium in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android allows a remote attacker to potentially exploit heap corruption via crafted PDF files.

  • CVE-2016-5152HigSep 11, 2016
    risk 0.57cvss 8.8epss 0.02

    Integer overflow in the opj_tcd_get_decoded_tile_size function in tcd.c in OpenJPEG, as used in PDFium in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to cause a denial of service (heap-based buffer overflow) or…

  • CVE-2015-1239MedOct 18, 2017
    risk 0.42cvss 6.5epss 0.01

    Double free vulnerability in the j2k_read_ppm_v3 function in OpenJPEG before r2997, as used in PDFium in Google Chrome, allows remote attackers to cause a denial of service (process crash) via a crafted PDF.

  • CVE-2016-5220MedJan 19, 2017
    risk 0.42cvss 6.5epss 0.01

    PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android incorrectly handled navigation within PDFs, which allowed a remote attacker to read local files via a crafted PDF file.

  • CVE-2016-5216MedJan 19, 2017
    risk 0.41cvss 6.3epss 0.01

    A use after free in PDFium in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to perform an out of bounds memory read via a crafted PDF file.

Page 1 of 2