PDF.js < 4.2.67 – Arbitrary JavaScript Execution

  • Resolved Zade

    (@nothin7)


    5 months, 3 weeks ago

    Hi,

    Can you let me know if and when you’ll be addressing the vulnerability with your plugin’s embedded PDF.js script?

    PDF.js < 4.2.67 – Arbitrary JavaScript Execution
    PDF.js is vulnerable to Arbitrary JavaScript Execution in versions prior to 4.2.67. This is due to a missing type check when handling fonts. This makes it possible for authenticated attackers, with contributor-level or above permissions, to execute arbitrary JavaScript if they can successfully trick a user into opening a crafted PDF file. Source:?Wordfence

    Thanks!

Viewing 2 replies - 1 through 2 (of 2 total)
Viewing 2 replies - 1 through 2 (of 2 total)
  • You must be logged in to reply to this topic.