Filtered by vendor Mooz
Subscriptions
Filtered by product Pdf-image
Subscriptions
Total
1 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-26830 | 1 Mooz | 1 Pdf-image | 2026-03-26 | 9.8 Critical |
| pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec() | ||||
Page 1 of 1.