flowpaper 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk memory corruption and バッファオーバーフロー などに関し、一部は vendor impact memory corruption を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-5200 | The flowpaper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'flipbook' shortcode in versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | [email protected] | 6.4 | 0.45% | 2023-10-20 | 2026-04-08 |
| CVE-2023-40197 | Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Devaldi Ltd flowpaper plugin <= 1.9.9 versions. | [email protected] | 6.5 | 0.31% | 2023-09-04 | 2024-11-21 |
| CVE-2020-23879 | pdf2json v0.71 was discovered to contain a NULL pointer dereference in the component ObjectStream::getObject. | [email protected] | 7.5 | 1.36% | 2021-11-10 | 2024-11-21 |
| CVE-2020-23878 | pdf2json v0.71 was discovered to contain a stack buffer overflow in the component XRef::fetch. | [email protected] | 9.8 | 1.71% | 2021-11-10 | 2024-11-21 |
| CVE-2020-19475 | An issue has been found in function CCITTFaxStream::lookChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 2 . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19474 | An issue has been found in function Gfx::doShowText in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Use After Free . | [email protected] | 5.5 | 0.67% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19473 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an uncaught floating point exception. | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19472 | An issue has been found in function DCTStream::readHuffSym in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 2 . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19471 | An issue has been found in function DCTStream::decodeImage in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4 . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19470 | An issue has been found in function DCTStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a NULL pointer dereference (invalid read of size 1) . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19469 | An issue has been found in function DCTStream::reset in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid write of size 8 . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19468 | An issue has been found in function EmbedStream::getChar in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a null pointer derefenrece (invalid read of size 8) . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19467 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an Illegal Use After Free . | [email protected] | 5.5 | 0.66% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19466 | An issue has been found in function DCTStream::transformDataUnit in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 1 . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19465 | An issue has been found in function ObjectStream::getObject in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to an invalid read of size 4 . | [email protected] | 5.5 | 0.63% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19464 | An issue has been found in function XRef::fetch in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow . | [email protected] | 5.5 | 0.74% | 2021-07-21 | 2024-11-21 |
| CVE-2020-19463 | An issue has been found in function vfprintf in PDF2JSON 0.70 that allows attackers to cause a Denial of Service due to a stack overflow. | [email protected] | 5.5 | 0.74% | 2021-07-21 | 2024-11-21 |
| CVE-2020-18750 | Buffer overflow in pdf2json 0.69 allows local users to execute arbitrary code by converting a crafted PDF file. | [email protected] | 7.8 | 0.54% | 2021-02-05 | 2024-11-21 |
| CVE-2018-11686 | The Publish Service in FlexPaper (later renamed FlowPaper) 2.3.6 allows remote code execution via setup.php and change_config.php. | [email protected] | 9.8 | 49.79% | 2019-07-03 | 2024-11-21 |
| CVE-2018-14947 | An issue has been found in PDF2JSON 0.69. XmlFontAccu::CSStyle in XmlFonts.cc has Mismatched Memory Management Routines (operator new [] versus operator delete). | [email protected] | 8.8 | 1.60% | 2018-08-05 | 2024-11-21 |