CVE-2026-5940
- EPSS 0.17%
- Veröffentlicht 27.04.2026 11:00:36
- Zuletzt bearbeitet 29.04.2026 17:26:50
Calling a function that triggers a UI refresh after removing comments via a script may access an invalidated object, leading to program crashes.
CVE-2026-5942
- EPSS 0.18%
- Veröffentlicht 27.04.2026 11:00:33
- Zuletzt bearbeitet 29.04.2026 17:18:37
Flaws in page lifecycle management allow document structure changes to desynchronize internal component states, causing subsequent operations to access invalidated objects and crash the program.
CVE-2026-5943
- EPSS 0.18%
- Veröffentlicht 27.04.2026 11:00:31
- Zuletzt bearbeitet 29.04.2026 17:18:04
Document structural anomalies caused inconsistencies between page element relationships and internal index states. When scripts triggered document modifications, object reference validity was not properly maintained, leading to a crash when accessing...
CVE-2026-5939
- EPSS 0.11%
- Veröffentlicht 27.04.2026 11:00:29
- Zuletzt bearbeitet 29.04.2026 17:28:10
A crafted XFA PDF can trigger a use-after-free condition during calculate event processing, causing the application to crash and resulting in an arbitrary code execution.
CVE-2026-5941
- EPSS 0.17%
- Veröffentlicht 27.04.2026 11:00:25
- Zuletzt bearbeitet 29.04.2026 17:24:15
Parsing logic flaws cause non-signature data to be misidentified as valid signatures when processing malformed form field hierarchies, leading to invalid memory writes and program crashes during internal data structure construction.
CVE-2026-3774
- EPSS 0.11%
- Veröffentlicht 01.04.2026 01:40:39
- Zuletzt bearbeitet 10.04.2026 01:36:58
The application allows PDF JavaScript and document/print actions (such as WillPrint/DidPrint) to update form fields, annotations, or optional content groups (OCGs) immediately before or after redaction, encryption, or printing. These script‑driven up...
CVE-2026-3775
- EPSS 0.25%
- Veröffentlicht 01.04.2026 01:40:36
- Zuletzt bearbeitet 14.04.2026 17:56:31
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these librar...
CVE-2026-3776
- EPSS 0.1%
- Veröffentlicht 01.04.2026 01:40:35
- Zuletzt bearbeitet 14.04.2026 17:55:57
The application does not validate the presence of required appearance (AP) data before accessing stamp annotation resources. When a PDF contains a stamp annotation missing its AP entry, the code continues to dereference the associated object without ...
CVE-2026-3780
- EPSS 0.12%
- Veröffentlicht 01.04.2026 01:40:33
- Zuletzt bearbeitet 28.04.2026 14:14:57
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and ...
CVE-2026-3778
- EPSS 0.1%
- Veröffentlicht 01.04.2026 01:40:31
- Zuletzt bearbeitet 14.04.2026 17:50:53
The application does not detect or guard against cyclic PDF object references while handling JavaScript in PDF. When pages and annotations are crafted that reference each other in a loop, passing the document to APIs (e.g., SOAP) that perform deep tr...