A use-after-free vulnerability was discovered in PDFTron SDK version 9.2.0. A crafted PDF can overwrite RIP with data previously allocated on the heap. This issue affects PDFTron SDK 9.2.0 on OSX, Linux, and Windows.
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
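
The class of flaw in the WebViewer entry, shown from the mitigation side as an added example (not PDFTron's code): a scheme allowlist applied to link targets taken from a document before they are rendered as hyperlinks, next to a raw-string prefix check that misses normalised forms. The function names, the allowed schemes and the sample targets are assumptions constructed for illustration.

```javascript
// Added example, not PDFTron code. Names, policy and sample targets are constructed.
const ALLOWED_PROTOCOLS = new Set(["http:", "https:", "mailto:"]); // assumed policy

// Weak form: a blocklist applied to the raw string as it appears in the document.
function naiveIsSafe(raw) {
  return !raw.toLowerCase().startsWith("javascript:");
}

// Hardened form: parse first, then allowlist the scheme the parser reports.
function safeLinkHref(raw) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser trims leading/trailing spaces and C0 controls and
    // drops embedded tabs/newlines, matching what a browser does before it
    // decides which scheme a link uses.
    url = new URL(raw);
  } catch {
    return null; // relative or unparsable targets are not rendered as links
  }
  return ALLOWED_PROTOCOLS.has(url.protocol) ? url.href : null;
}

// Constructed link targets, as they might be read from a document's link annotations.
const SAMPLE_TARGETS = [
  "https://example.com/report.pdf",
  "mailto:security@example.com",
  "javascript:void(0)",
  " JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,hello",
  "/relative/path",
];

// Compare both checks for each target; href is null when the link must not be rendered.
function auditTargets(targets) {
  return targets.map((raw) => ({
    raw,
    naiveAccepts: naiveIsSafe(raw),
    href: safeLinkHref(raw),
  }));
}

for (const row of auditTargets(SAMPLE_TARGETS)) {
  console.log(JSON.stringify(row));
}
```

Targets for which `safeLinkHref` returns `null` should be shown as plain text rather than as an anchor.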