Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): pdftron
- Search Type: Search All
- CPE Name Search: false
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2022-39019 |
Broken access controls on PDFtron WebviewerUI in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to upload malicious files to the application server. Published: October 31, 2022; 5:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-39018 |
Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL. Published: October 31, 2022; 5:15:12 PM -0400 |
V3.1: 7.5 HIGH V2.0:(not available) |
CVE-2022-39016 |
Javascript injection in PDFtron in M-Files Hubshare before 3.3.10.9 allows authenticated attackers to perform an account takeover via a crafted PDF upload. Published: October 31, 2022; 5:15:11 PM -0400 |
V3.1: 8.8 HIGH V2.0:(not available) |
CVE-2022-27871 |
Autodesk AutoCAD product suite, Revit, Design Review and Navisworks releases using PDFTron prior to 9.1.17 version may be used to write beyond the allocated buffer while parsing PDF files. This vulnerability may be exploited to execute arbitrary code. Published: June 21, 2022; 11:15:08 AM -0400 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2022-27527 |
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files. It was fixed in PDFTron earlier than 9.0.7 version in Autodesk Navisworks 2022, and 2020. Published: April 19, 2022; 5:15:18 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2022-24960 |
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows. Published: March 10, 2022; 12:46:58 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.3 MEDIUM |
CVE-2021-40161 |
A Memory Corruption vulnerability may lead to code execution through maliciously crafted DLL files through PDFTron earlier than 9.0.7 version. Published: December 23, 2021; 2:15:12 PM -0500 |
V3.1: 7.8 HIGH V2.0: 4.4 MEDIUM |
CVE-2021-40160 |
PDFTron prior to 9.0.7 version may be forced to read beyond allocated boundaries when parsing a maliciously crafted PDF file. This vulnerability can be exploited to execute arbitrary code. Published: December 23, 2021; 2:15:12 PM -0500 |
V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2021-39307 |
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. Published: September 15, 2021; 9:15:08 AM -0400 |
V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |