A new critical vulnerability has been discovered in PDF.js, which could allow a threat actor to execute arbitrary code when opening a malicious PDF. PDF.js allows browsers to render PDF files without any plugins or external software. This vulnerability affects multiple browsers and applications that use React-PDF.
Source: GBHackers