VYPR
Vendor

PDFTron

Products
2
CVEs
5
Across products
5
Status
Private

Products

2

Recent CVEs

5
  • CVE-2022-39016HigOct 31, 2022
    risk 0.53cvss 8.2epss 0.00

    Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload.

  • CVE-2021-40161HigDec 23, 2021
    risk 0.51cvss 7.8epss 0.01

    A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version.

  • CVE-2021-40160HigDec 23, 2021
    risk 0.51cvss 7.8epss 0.02

    PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code.

  • CVE-2022-24960MedMar 10, 2022
    risk 0.42cvss 6.5epss 0.01

    A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.

  • CVE-2021-39307MedSep 15, 2021
    risk 0.40cvss 6.1epss 0.01

    PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.