8 matches found
CVE-2026-40260
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...
ROOT-APP-PYPI-CVE-2026-40260 CVE-2026-40260 in rootio-pypdf - Patched by Root
Root has patched CVE-2026-40260 in the rootio-pypdf package for Root:PyPI. Multiple fixed versions available...
CVE-2026-40260 vulnerabilities
Vulnerabilities for packages: open-webui...
openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20598-1)
The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20598-1 advisory. Changes in python-PyPDF2: - CVE-2026-40260: crafted PDF can lead to large memory usage bsc1262284 Tenable has extracted the preceding description block...
Security update for python-PyPDF2 (moderate)
openSUSE security update: security update for python-pypdf2 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20598-1 Rating: moderate References: bsc1262284 Cross-References: CVE-2026-40260 Affected Products: openSUSE Leap 16.0...
CVE-2026-40260 vulnerabilities
Vulnerabilities for packages: nemo, open-webui, litellm...
CVE-2026-40260
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...
aiagents4pharma (>=1.45.0 <=1.48.1), aiagents4pharma-ansh (=0.0.0) +17 more potentially affected by CVE-2026-40260 via pypdf (=6.0.0)
pypdf PYPI version =6.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on pypdf and may be impacted: - aiagents4pharma =1.45.0, =1759155233.0.0, =0.3.0, =4.7.6, =1.0.0, =0.6.27, =0.0.1, =2025.7.0, =0.1.0, =0.4.1 and more Source cves: CVE-2026-40260...