11 matches found
CVE-2026-55197
Hermes WebUI before 0.51.443 has a broken access control weakness in the /api/session endpoint. Authenticated users can bypass profile boundaries and query session IDs from other profiles via GET /api/session?session_id=&messages=1 to retrieve unauthorized transcripts and metadata. This affects t...
Security Bulletin: IBM watsonx.data integration has vulnerabilities due to open source packages (CVE-2025-55197)
Summary Open source packages are used as part of the overall processing in IBM watsonx.data integration. Vulnerability Details CVEID:CVE-2025-55197 DESCRIPTION: pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM bein...
python311-PyPDF2-2.11.1-4.1 on GA media (moderate)
python311-PyPDF2-2.11.1-4.1 on GA media Announcement ID: openSUSE-SU-2026:10238-1 Rating: moderate Cross-References: CVE-2025-55197 CVE-2026-27024 CVE-2026-27025 CVE-2026-27026 Affected Products: openSUSE Tumbleweed An update that solves 4 vulnerabilities can now be installed. Description: These...
Security Bulletin: Multiple Vulnerabilities affecting IBM Watson Studio in Cloud Pak for Data are addressed
Summary There are multiple vulnerabilities impacting IBM Watson Studio in Cloud Pak for Data. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details CVEID:CVE-2025-7647 DESCRIPTION: The llama-index-core package, up to version 0.12.44, contains a...
python311-pypdf-6.0.0-1.1 on GA media (moderate)
python311-pypdf-6.0.0-1.1 on GA media Announcement ID: openSUSE-SU-2025:15440-1 Rating: moderate Cross-References: CVE-2025-55197 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2025-55197
A flaw was found in pypdf. Processing maliciously crafted PDF files utilizing a sequence of FlateDecode filters can exhaust available RAM. An attacker can trigger this condition by simply reading the malicious PDF file. This results in a resource exhaustion condition, leading to an application...
CVE-2025-55197
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +591 more potentially affected by CVE-2025-55197 via pypdf (>=3.10.0 <=5.9.0)
pypdf PYPI version =3.10.0, =0.1.1, =0.8.1, =0.9.1, =0.2.0, =0.0.2, =0.0.1, =0.0.1, =0.2.0, =0.1.4, =0.1.0a0.dev0, =1.1.3 and more Source cves: CVE-2025-55197 Source advisory: OSV:GHSA-7HFW-26VP-JP8M...