Security
Headlines
HeadlinesLatestCVEs

Tag

#pdf

Hackers Using Rogue Versions of KeePass and SolarWinds Software to Distribute RomCom RAT

The operators of RomCom RAT are continuing to evolve their campaigns with rogue versions of software such as SolarWinds Network Performance Monitor, KeePass password manager, and PDF Reader Pro. Targets of the operation consist of victims in Ukraine and select English-speaking countries like the U.K. "Given the geography of the targets and the current geopolitical situation, it's unlikely that

The Hacker News
Open in Source
#web#git#intel#pdf#The Hacker News
GHSA-rcrx-fpjp-mfrw: Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp

### Impact The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. ### Patches It has been patched in 2.6.0 for muhammara and not at all for hummus ### Workarounds Do not process files from untrusted sources ### References PR: https://github.com/julianhille/MuhammaraJS/pull/194 Issue: https://github.com/julianhille/MuhammaraJS/issues/191 Issue in hummus: https://github.com/galkahana/HummusJS/issues/293 ### Outline differences to https://nvd.nist.gov/vuln/detail/CVE-2022-25892 The difference is one is in [src/deps/PDFWriter/PDFParser.cpp](https://github.com/julianhille/MuhammaraJS/commit/1890fb555eaf171db79b73fdc3ea543bbd63c002#diff-09ac2c64aeab42b14b2ae7b11a5648314286986f8c8444a5b3739ba7203b1e9b) and the other is [PDFDocumentHandler.cpp](https://github.com/julianhille/MuhammaraJS/pull/194/files#diff-38d338ea4c047fd7dd9a05b5ffe7c964f0fa7e79aff4c307ccee75...

CVE-2022-39381: Unchecked Return Value to NULL Pointer Dereference in PDFDocumentHandler.cpp

Muhammara is a node module with c/cpp bindings to modify PDF with js for node or electron (based/replacement on/of galkhana/hummusjs). The package muhammara before 2.6.0; all versions of package hummus are vulnerable to Denial of Service (DoS) when supplied with a maliciously crafted PDF file to be appended to another. This issue has been patched in 2.6.0 for muhammara and not at all for hummus. As a workaround, do not process files from untrusted sources.

CVE-2022-40840: cve-s/poc.txt at main · daaaalllii/cve-s

ndk design NdkAdvancedCustomizationFields 3.5.0 is vulnerable to Cross Site Scripting (XSS) via createPdf.php.

CVE-2022-26730: About the security content of macOS Ventura 13

A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation. This issue is fixed in macOS Ventura 13. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2022-32946: About the security content of iOS 16.1 and iPadOS 16

This issue was addressed with improved entitlements. This issue is fixed in iOS 16.1 and iPadOS 16. An app may be able to record audio using a pair of connected AirPods.

How Retailers Can Stay Protected During the Most Wonderful Time of the Year

Retailers' new holiday jingle must hit cybersecurity high points to help survive the season. Forget Dasher and Dancer — add SAST and DAST to app testing; manage third-party risks; and use MFA along with training and proper authentication to secure credentials.

CVE-2022-3791

A vulnerability was found in PDF & Print Plugin. It has been classified as problematic. This affects an unknown part of the component Setting Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-212613 was assigned to this vulnerability.