Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

A Huge Scam Targeting Kids With Roblox and Fortnite 'Offers' Has Been Hiding in Plain Sight

The wide-ranging scams, often disguised as game promotions, can all be linked back to one network.

Wired
Open in Source
#vulnerability#web#amazon#git#pdf#aws#auth
CVE-2020-35990: PDF Software & Tools Tailored to Your Business | Foxit

Buffer Overflow vulnerability in cFilenameInit parameter in browseForDoc function in Foxit Software Foxit PDF Reader version 10.1.0.37527, allows local attackers to cause a denial of service (DoS) via crafted .pdf file.

CVE-2020-36023: Stack-Overflow in `FoFiType1C::cvtGlyph` results in Segmentation Fault (#1013) · Issues · poppler / poppler · GitLab

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::cvtGlyph function.

CVE-2020-36024: NULL-Pointer Deference in `FoFiType1C::convertToType1` (#1016) · Issues · poppler / poppler · GitLab

An issue was discovered in freedesktop poppler version 20.12.1, allows remote attackers to cause a denial of service (DoS) via crafted .pdf file to FoFiType1C::convertToType1 function.

CVE-2021-25786: Heap-use-after-free in `Pl_ASCII85Decoder::write` · Issue #492 · qpdf/qpdf

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

CVE-2021-28427: XnView 2.49.4 - XnView Software

Buffer Overflow vulnerability in XNView version 2.49.3, allows local attackers to execute arbitrary code via crafted TIFF file.

Ubuntu Security Notice USN-6277-2

Ubuntu Security Notice 6277-2 - USN-6277-1 fixed vulnerabilities in Dompdf. This update provides the corresponding updates for Ubuntu 22.04 LTS. It was discovered that Dompdf was not properly validating untrusted input when processing HTML content under certain circumstances. An attacker could possibly use this issue to expose sensitive information or execute arbitrary code. This issue only affected Ubuntu 16.04 LTS.

Several hospitals still counting the cost of widespread ransomware attack

Categories: News Tags: hospital Tags: healthcare Tags: ransomware Tags: hijack Tags: network Tags: compromise Tags: data Tags: ambulance Tags: service Tags: redirect A widespread ransomware attack affecting 16 hospitals last week has led to ongoing cleanup efforts. (Read more...) The post Several hospitals still counting the cost of widespread ransomware attack appeared first on Malwarebytes Labs.

New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks

Malicious actors are using a legitimate Rust-based injector called Freeze[.]rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It has also been used to introduce Remcos RAT by means of a crypter called SYK Crypter, which was