Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by pdftron
CVE-2022-24960 (GCVE-0-2022-24960)
Vulnerability from nvd – Published: 2022-03-09 06:20 – Updated: 2024-09-17 01:46
VLAI
EPSS
VEX
Title
Use after free vulnerability in PDFTron SDK
Summary
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.
Severity
6.5 (Medium)
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/ | x_refsource_MISC |
| https://github.com/suletm/security_research/blob/… | x_refsource_MISC |
Date Public
2022-03-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Niu, Tofig Suleymanov"
}
],
"datePublic": "2022-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T06:20:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 9.2.0 stable: https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use after free vulnerability in PDFTron SDK",
"workarounds": [
{
"lang": "en",
"value": "No known workarounds exist."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-03-08T08:30:00.000Z",
"ID": "CVE-2022-24960",
"STATE": "PUBLIC",
"TITLE": "Use after free vulnerability in PDFTron SDK"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alex Niu, Tofig Suleymanov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/",
"refsource": "MISC",
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
},
{
"name": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json",
"refsource": "MISC",
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to 9.2.0 stable: https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "No known workarounds exist."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24960",
"datePublished": "2022-03-09T06:20:50.785Z",
"dateReserved": "2022-02-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:46:59.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39307 (GCVE-0-2021-39307)
Vulnerability from nvd – Published: 2021-09-15 12:47 – Updated: 2024-08-04 02:06
VLAI
EPSS
VEX
Summary
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.pdftron.com/webviewer/ | x_refsource_MISC |
| https://research.nccgroup.com/2021/09/14/technica… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pdftron.com/webviewer/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PDFTron\u0027s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:44:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pdftron.com/webviewer/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PDFTron\u0027s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdftron.com/webviewer/",
"refsource": "MISC",
"url": "https://www.pdftron.com/webviewer/"
},
{
"name": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39307",
"datePublished": "2021-09-15T12:47:05.000Z",
"dateReserved": "2021-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:06:41.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24960 (GCVE-0-2022-24960)
Vulnerability from cvelistv5 – Published: 2022-03-09 06:20 – Updated: 2024-09-17 01:46
VLAI
EPSS
VEX
Title
Use after free vulnerability in PDFTron SDK
Summary
A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows.
Severity
6.5 (Medium)
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/ | x_refsource_MISC |
| https://github.com/suletm/security_research/blob/… | x_refsource_MISC |
Date Public
2022-03-08 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:29:01.654Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Alex Niu, Tofig Suleymanov"
}
],
"datePublic": "2022-03-08T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-09T06:20:50.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to 9.2.0 stable: https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Use after free vulnerability in PDFTron SDK",
"workarounds": [
{
"lang": "en",
"value": "No known workarounds exist."
}
],
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_PUBLIC": "2022-03-08T08:30:00.000Z",
"ID": "CVE-2022-24960",
"STATE": "PUBLIC",
"TITLE": "Use after free vulnerability in PDFTron SDK"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"credit": [
{
"lang": "eng",
"value": "Alex Niu, Tofig Suleymanov"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A use after free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects: PDFTron PDFTron SDK 9.2.0 on OSX; 9.2.0 on Linux; 9.2.0 on Windows."
}
]
},
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/",
"refsource": "MISC",
"url": "https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
},
{
"name": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json",
"refsource": "MISC",
"url": "https://github.com/suletm/security_research/blob/main/CVE/CVE-2022-24960.json"
}
]
},
"solution": [
{
"lang": "en",
"value": "Upgrade to 9.2.0 stable: https://www.pdftron.com/nightly/#stable/2022-02-08/9.2/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"work_around": [
{
"lang": "en",
"value": "No known workarounds exist."
}
]
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24960",
"datePublished": "2022-03-09T06:20:50.785Z",
"dateReserved": "2022-02-11T00:00:00.000Z",
"dateUpdated": "2024-09-17T01:46:59.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39307 (GCVE-0-2021-39307)
Vulnerability from cvelistv5 – Published: 2021-09-15 12:47 – Updated: 2024-08-04 02:06
VLAI
EPSS
VEX
Summary
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.pdftron.com/webviewer/ | x_refsource_MISC |
| https://research.nccgroup.com/2021/09/14/technica… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.810Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.pdftron.com/webviewer/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PDFTron\u0027s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-09-16T12:44:23.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.pdftron.com/webviewer/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39307",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PDFTron\u0027s WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.pdftron.com/webviewer/",
"refsource": "MISC",
"url": "https://www.pdftron.com/webviewer/"
},
{
"name": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/",
"refsource": "MISC",
"url": "https://research.nccgroup.com/2021/09/14/technical-advisory-pdftron-javascript-urls-allowed-in-webviewer-ui-cve-2021-39307/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39307",
"datePublished": "2021-09-15T12:47:05.000Z",
"dateReserved": "2021-08-20T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:06:41.810Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}