Pdfium
by Google
CVEs (31)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-5855 | 0.00 | — | 0.01 | Nov 25, 2019 | Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||
| CVE-2019-13679 | 0.00 | — | 0.01 | Nov 25, 2019 | Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file. | |||
| CVE-2019-5820 | 0.00 | — | 0.01 | Jun 27, 2019 | Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file. | |||
| CVE-2015-6779 | 0.00 | — | 0.02 | Dec 6, 2015 | PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL. | |||
| CVE-2015-6775 | 0.00 | — | 0.02 | Dec 6, 2015 | fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion." | |||
| CVE-2015-1273 | 0.00 | — | 0.02 | Jul 23, 2015 | Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document. | |||
| CVE-2015-1259 | 0.00 | — | 0.01 | May 20, 2015 | PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | |||
| CVE-2015-1225 | 0.00 | — | 0.01 | Mar 9, 2015 | PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | |||
| CVE-2014-9647 | 0.00 | — | 0.01 | Jan 27, 2015 | Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a… | |||
| CVE-2014-7901 | 0.00 | — | 0.01 | Nov 19, 2014 | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long… | |||
| CVE-2014-7900 | 0.00 | — | 0.01 | Nov 19, 2014 | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a… |
- CVE-2019-5855Nov 25, 2019risk 0.00cvss —epss 0.01
Integer overflow in PDFium in Google Chrome prior to 76.0.3809.87 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2019-13679Nov 25, 2019risk 0.00cvss —epss 0.01
Insufficient policy enforcement in PDFium in Google Chrome prior to 77.0.3865.75 allowed a remote attacker to show print dialogs via a crafted PDF file.
- CVE-2019-5820Jun 27, 2019risk 0.00cvss —epss 0.01
Integer overflow in PDFium in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to potentially exploit heap corruption via a crafted PDF file.
- CVE-2015-6779Dec 6, 2015risk 0.00cvss —epss 0.02
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.
- CVE-2015-6775Dec 6, 2015risk 0.00cvss —epss 0.02
fpdfsdk/src/jsapi/fxjs_v8.cpp in PDFium, as used in Google Chrome before 47.0.2526.73, does not use signatures, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
- CVE-2015-1273Jul 23, 2015risk 0.00cvss —epss 0.02
Heap-based buffer overflow in j2k.c in OpenJPEG before r3002, as used in PDFium in Google Chrome before 44.0.2403.89, allows remote attackers to cause a denial of service or possibly have unspecified other impact via invalid JPEG2000 data in a PDF document.
- CVE-2015-1259May 20, 2015risk 0.00cvss —epss 0.01
PDFium, as used in Google Chrome before 43.0.2357.65, does not properly initialize memory, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2015-1225Mar 9, 2015risk 0.00cvss —epss 0.01
PDFium, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2014-9647Jan 27, 2015risk 0.00cvss —epss 0.01
Use-after-free vulnerability in PDFium, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document, related to fpdfsdk/src/fpdfview.cpp and fpdfsdk/src/fsdk_mgr.cpp, a…
- CVE-2014-7901Nov 19, 2014risk 0.00cvss —epss 0.01
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long…
- CVE-2014-7900Nov 19, 2014risk 0.00cvss —epss 0.01
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a…
Page 2 of 2