Pdf Image Project

pdf-image_project

3 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (3)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-26830 1Pdf Image Project 1Pdf Image Apr 2, 2026 Mar 25, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-cont...Show more pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()Show less
CVE-2020-8132 1Pdf Image Project 1Pdf Image Nov 21, 2024 Feb 28, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
CVE-2018-3757 1Pdf Image Project 1Pdf Image Nov 21, 2024 Jun 1, 2018 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.