CVE-2024-4367

This repository contains a functional Python script that generates a malicious PDF file exploiting CVE-2024-4367 in PDF.js. The exploit leverages a missing type check in font handling to achieve arbitrary JavaScript execution in the context of the hosting domain.

This repository contains a functional PoC for CVE-2024-4367, which exploits arbitrary JavaScript execution in PDF.js via a crafted PDF file. The PoC generates a malicious PDF that triggers the vulnerability when opened in a vulnerable PDF.js viewer.

This repository contains a functional Python script that generates a malicious PDF file exploiting CVE-2024-4367 in PDF.js. The exploit leverages a vulnerability in PDF.js to execute arbitrary JavaScript code when the PDF is opened in vulnerable applications like Firefox (<126).

This repository provides a YARA rule to detect PDF files exploiting CVE-2024-4367, which allows arbitrary JavaScript execution in PDF.js. It does not contain exploit code but serves as a detection mechanism for the vulnerability.

This repository provides a functional proof-of-concept for CVE-2024-4367, a vulnerability in the PDF.js library. It includes a demo project with sample PDFs designed to exploit the vulnerability, allowing users to test different exploitation methods.

This repository contains a functional PoC for CVE-2024-4367, demonstrating arbitrary JavaScript execution in PDF.js via a crafted PDF file. The exploit leverages a vulnerability in PDF.js to achieve XSS in Firefox, Firefox ESR, and Thunderbird.

This repository provides a functional proof-of-concept for CVE-2024-4367, a vulnerability in PDF.js (pdfjs-dist). It includes a demo project with frontend components (React, Vue, Svelte) to test and exploit the vulnerability using crafted PDF files.

This repository contains a functional exploit PoC that chains CVE-2024-4367 (PDF-based RCE) and CVE-2023-38831 (WinRAR path traversal) to achieve remote command execution via a malicious PDF and RAR archive. The script generates a malicious PDF that triggers a download of a crafted RAR file, which executes a reverse shell when extracted.

The repository contains a functional exploit for CVE-2024-4367, which leverages insufficient type checks on the FontMatrix object in PDF.js to execute arbitrary JavaScript. The exploit script automates the creation of a malicious PDF, integrates with the Social Engineering Toolkit (SET) for phishing, and hosts a server to capture exfiltrated data.

This repository provides a functional workaround for CVE-2024-4367 by disabling JavaScript evaluation in PDF.js within Odoo 14.0. It includes a custom module that overrides default attachment handling to mitigate the vulnerability.

This repository contains a functional PoC for CVE-2024-4367, demonstrating an XSS vulnerability in PDF.js. The exploit generates a malicious PDF file that, when opened, executes arbitrary JavaScript payloads, including cookie theft, keylogging, and local file access in Electron-based applications.

The repository claims to demonstrate CVE-2024-4367 (XSS) but lacks actual exploit code, instead listing generic features and pointing to external images. No technical details or PoC code are provided.

This repository contains a functional Python script that modifies a PDF file to exploit CVE-2024-4367, an arbitrary JavaScript execution vulnerability in PDF.js. The script injects malicious payloads into the PDF's FontMatrix field, which can trigger arbitrary JavaScript execution when the PDF is rendered.

This Python script generates a malicious PDF file exploiting CVE-2024-4367, likely targeting a vulnerability in PDF parsing. The payload is embedded within the PDF structure, specifically in the FontMatrix field, suggesting a potential buffer overflow or injection attack.

This repository contains a functional exploit PoC for CVE-2024-4367, targeting a vulnerability in PDF.js. The exploit involves a Node.js server setup with Express and Multer, demonstrating how the vulnerability can be leveraged to bypass access controls and potentially execute arbitrary code.

This repository provides a functional PoC for CVE-2024-4367, a vulnerability in Firefox's PDF.js font renderer. It includes scripts to generate a malicious PDF, launch vulnerable Firefox versions, and compare patched vs. unpatched code.

This repository provides a detailed technical analysis of CVE-2024-4367, a vulnerability in PDF.js allowing arbitrary JavaScript execution via improper type checking in font handling. It includes PoC PDFs and mitigation strategies.

This repository contains a functional PoC for CVE-2024-4367, which exploits arbitrary JavaScript execution in PDF.js via a maliciously crafted PDF file. The script generates a PDF with embedded JavaScript payloads that trigger when parsed by vulnerable versions of PDF.js.

This exploit generates a malicious PDF file that leverages a vulnerability in Firefox ESR 115.11's PDF.js to execute arbitrary JavaScript. The payload is embedded within the PDF's font matrix structure.