CVE-2024-4367

HIGH8.8EPSS 40.3%

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

發布日:2024/5/7修改日:2026/5/13

描述

### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

受影響套件(9)

Debian/firefox-esrfrom 0, < 115.11.0esr-1~deb11u1
Debian/firefox-esrfrom 0, < 115.11.0esr-1~deb11u1
Debian/firefox-esrfrom 0, < 115.11.0esr-1~deb10u1
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u2
Debian/odoofrom 0, < 14.0.0+dfsg.2-7+deb11u2
Debian/thunderbirdfrom 0, < 1:115.11.0-1~deb10u1
Debian/thunderbirdfrom 0, < 1:115.11.0-1~deb11u1
Debian/thunderbirdfrom 0, < 1:115.11.0-1~deb11u1
npm/pdfjs-distfrom 0, < 4.2.67

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

描述

受影響套件(9)

CVSS 分數

參考連結(18)