Pdf-image Project CVEs and Security Vulnerabilities

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2026-26830	2 Mooz, Pdf-image Project	2 Pdf-image, Pdf-image	2026-04-03	9.8 Critical
pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()
CVE-2020-8132	1 Pdf-image Project	1 Pdf-image	2024-11-21	9.8 Critical
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
CVE-2018-3757	1 Pdf-image Project	1 Pdf-image	2024-11-21	9.8 Critical
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.

Page 1 of 1.