From fda4d86a61efe50a7f42ac0c68792bd8d9d8ddcd Mon Sep 17 00:00:00 2001 From: Peter Thaleikis Date: Thu, 23 May 2024 20:09:59 +0200 Subject: [PATCH] CVE-2024-4367: Glyph rendering in Mozilla's PDF.js --- readme.md | 1 + 1 file changed, 1 insertion(+) diff --git a/readme.md b/readme.md index b911081..1f98383 100644 --- a/readme.md +++ b/readme.md @@ -85,6 +85,7 @@ Personal notes and awesome infosec stuff for a bash-focused workflow. Highly sub - [`CVE-2024-25081`](https://nvd.nist.gov/vuln/detail/CVE-2024-25081) - Command-injection via filenames in subfonts, - [`CVE-2024-25082`](https://nvd.nist.gov/vuln/detail/CVE-2024-25082) - Similar to previous one, but in archives of compressed WOFF (ZLIB-based) / WOFF2 (Brotli-based) fonts. +- [`CVE-2024-4367`](https://nvd.nist.gov/vuln/detail/CVE-2024-4367) - Glyph rendering in Mozilla's PDF.js leads to JavaScript Execution [`Codean Labs`](https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/). ### Request Smuggling
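Review bot: In the added `CVE-2024-4367` entry in readme.md, the description runs straight into the source link ("JavaScript Execution [`Codean Labs`](...)") with no separator, and "Codean Labs" is wrapped in backticks although it is a source name, not an identifier like the CVE ids. Consider "... leads to JavaScript execution (via [Codean Labs](https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/))." with a lowercase "execution" to match the sentence-style descriptions of the entries above it. The list also separates items with commas and closes the last one with a period, so the unchanged `CVE-2024-25082` line now ends in a period mid-list; changing that period to a comma in the same patch would keep the list consistent.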