Lucene search
K

6 matches found

Packet Storm
Packet Storm
β€’added 2026/03/06 12:0 a.m.β€’166 views

πŸ“„ pypdf Memory Exhaustion / Denial of Service

pypdf versions prior to 6.7.3 were vulnerable to a denial of service condition caused by uncontrolled memory allocation during decompression of XFA streams. An attacker could craft a malicious PDF file containing a highly compressed stream using /FlateDecode...

8.7CVSS5.8AI score0.00348EPSS
Exploits1
vulnersOsv
vulnersOsv
β€’added 2026/02/26 7:55 p.m.β€’7 views

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2554 more potentially affected by CVE-2026-27888 via pypdf (>=3.10.0 <=6.7.2)

pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.0.1, =0.2.0, =0.4.0, =0.3.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =0.2.0, =1.2.27, =3.0.145 and more Source cves: CVE-2026-27888 Source advisory: OSV:GHSA-X7HP-R3QG-R3CJ...

8.7CVSS7.1AI score0.00348EPSS
Exploits1
vulnersOsv
vulnersOsv
β€’added 2026/02/26 3:13 a.m.β€’5 views

01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2094 more potentially affected by CVE-2026-27888 via pypdf (>=6.0.0 <=6.7.2)

pypdf PYPI version =6.0.0, =0.0.5, =0.1.0, =0.0.1, =0.2.0, =0.4.0, =0.3.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =0.7.3 and more Source cves: CVE-2026-27888 Source advisory: SNYK:PYTHON-PYPDF-15353400...

8.7CVSS7.1AI score0.00348EPSS
Exploits1
Circl
Circl
β€’added 2026/02/26 2:25 a.m.β€’7 views

CVE-2026-27888

creationtimestamp| type| source ---|---|--- 2026-02-26 02:25:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfq5e5qc2u2u 2026-02-26 20:40:19+00:00| seen| https://gist.github.com/alon710/46cb981f7572074584ce82b41bf22f76 2026-02-28 10:11:10+00:00| seen|...

8.7CVSS5.9AI score0.00348EPSS
Exploits1References3
CVE
CVE
β€’added 2026/02/26 12:42 a.m.β€’31 views

CVE-2026-27888

CVE-2026-27888 affects the pypdf library (Python) prior to 6.7.3. The issue arises when an attacker crafts a PDF that causes RAM exhaustion by accessing the reader/writer’s xfa property and a compressed stream using FlateDecode, leading to high availability impact. The vulnerability does not disc...

8.7CVSS5.4AI score0.00348EPSS
Exploits1References4Affected Software1
Debian CVE
Debian CVE
β€’added 2026/02/26 12:42 a.m.β€’6 views

CVE-2026-27888

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...

8.7CVSS8.1AI score0.00348EPSS
Exploits1
Rows per page
Query Builder