Pdf-Image Project Pdf-Image vulnerabilities
3 known vulnerabilities affecting pdf-image_project/pdf-image.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL3
Vulnerabilities
Page 1 of 1
CVE-2026-26830P2CRITICALCVSS 9.8≤ 2.0.02026-03-25
CVE-2026-26830 [CRITICAL] CWE-94 CVE-2026-26830: pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parame
pdf-image (npm package) through version 2.0.0 allows OS command injection via the pdfFilePath parameter. The constructGetInfoCommand and constructConvertCommandForPage functions use util.format() to interpolate user-controlled file paths into shell command strings that are executed via child_process.exec()
ghsanvdosv
CVE-2018-3757P3CRITICALCVSS 9.8v2.0.02018-06-01
CVE-2018-3757 [CRITICAL] CWE-78 CVE-2018-3757: Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.
Command injection exists in pdf-image v2.0.0 due to an unescaped string parameter.
ghsanvdosv
CVE-2020-8132P3CRITICALCVSS 9.8≤ 2.0.0vNot Fixed2020-02-28
CVE-2020-8132 [CRITICAL] CWE-94 CVE-2020-8132: Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbi
Lack of input validation in pdf-image npm package version <= 2.0.0 may allow an attacker to run arbitrary code if PDF file path is constructed based on untrusted user input.
ghsanvdosv