349 matches found

Ubuntu
added last week, 11 views

USN-8340-1: LibreOffice vulnerability

Duc Anh Nguyen discovered that LibreOffice incorrectly handled mismatched encryption salt parameters in crafted OOXML documents. An attacker could use this issue to cause LibreOffice to crash, resulting in a denial of service, or possibly execute arbitrary code...

CVSS 7.8, AI score 6.1, EPSS 0.00016
Exploits 0

Cvelist
added last week, 29 views

CVE-2026-48735 pypdf: Manipulated XMP metadata streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1...

CVSS 6.9, EPSS 0.00012
Exploits 0, References 3

OSV
added 2026/05/20 5:16 p.m., 2 views

UBUNTU-CVE-2026-9100

The MongoDB C Driver's legacy GridFS API accepts malformed file metadata from the database without adequate validation. Crafted documents in a GridFS collection may cause any application that reads those files via the legacy API to either crash via a division-by-zero or silently leak process memo...

CVSS 6, AI score 5.8, EPSS 0.00073
Exploits 0, References 3

Snyk
added 2026/05/07 12:57 a.m., 2 views

Server-side Request Forgery (SSRF)

Overview: Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) in the libreoffice process when uploaded files containing external references are passed directly for conversion without content inspection. An attacker can cause the server to make arbitrary outbound HT...

CVSS 8.8, AI score 6, EPSS 0.00039
Exploits 1, References 2

Tenable Nessus
added 2026/05/07 12:00 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2026-4430

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Out-of-bounds write vulnerability in The Document Foundation LibreOffice via crafted OOXML documents with mismatched encryption salt parameters. This issue...

CVSS 7.8, AI score 5.8, EPSS 0.00016
Exploits 0, References 4

Positive Technologies
added 2026/05/06 12:00 a.m., 6 views

PT-2026-38345

Name of the Vulnerable Software and Affected Versions: LibreOffice versions 26.2 through 26.2.2; LibreOffice versions 25.8 through 25.8.6. Description: An out-of-bounds write occurs when processing crafted OOXML documents that contain mismatched encryption salt parameters. An out-of-bounds write is a...

CVSS 7.8, AI score 6.1, EPSS 0.00016
Exploits 0, References 22

AstraLinux
added 2026/05/03 11:59 p.m., 3 views

Astra Linux - vulnerability in pypdf2

pypdf is a pure-Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who exploits this vulnerability can create a PDF that results in unexpected long execution times. This quadratic execution time blocks the current process and can even...

CVSS 6.5, AI score 6.6, EPSS 0.00165
Exploits 1, References 2

Tenable Nessus
added 2026/04/26 12:00 a.m., 2 views

FreeBSD : (lib)expat -- Insufficient entropy (88440f1d-4168-11f1-95f7-00a098b42aeb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 88440f1d-4168-11f1-95f7-00a098b42aeb advisory. https://github.com/libexpat/libexpat/pull/1183 reports: libexpat before 2.8.0 uses insufficient entropy...

CVSS 7.5, AI score 5.8, EPSS 0.00013
Exploits 0, References 3

Tenable Nessus
added 2026/04/23 12:00 a.m., 1 view

Linux Distros Unpatched Vulnerability : CVE-2026-41168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to...

CVSS 6.9, AI score 5.8, EPSS 0.00052
Exploits 0, References 3

Cvelist
added 2026/04/16 4:52 p.m., 25 views

CVE-2026-41080

libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

CVSS 2.9, EPSS 0.00013
Exploits 0, References 4

FreeBSD
added 2026/04/16 12:00 a.m., 7 views

(lib)expat -- Insufficient entropy

https://github.com/libexpat/libexpat/pull/1183 reports: libexpat before 2.8.0 uses insufficient entropy, and thus hash flooding can occur via a crafted XML document...

CVSS 7.5, AI score 5.3, EPSS 0.00013
Exploits 0, References 1

Snyk
added 2026/04/14 9:14 a.m., 2 views

Directory Traversal

Overview: Affected versions of this package are vulnerable to Directory Traversal in ExtractEmbeddedFiles. An attacker can write files to arbitrary locations outside the intended directory by crafting malicious PDF files that exploit improper handling of file path separators. Note: This issue...

CVSS 5.3, AI score 6.3, EPSS 0.00259
Exploits 0, References 2

OSV
added 2026/04/13 1:20 p.m., 3 views

JLSEC-2026-80

Xpdf prior to version 4.04 contains an integer overflow in the JBIG2 decoder JBIG2Stream::readTextRegionSeg in JBIG2Stream.cc. Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. This is similar to the vulnerability described by...

CVSS 7.8, AI score 6.1, EPSS 0.71973
Exploits 2, References 14

RedhatCVE
added 2026/04/02 5:04 a.m., 1 view

CVE-2026-3779

The application's list box calculate array logic keeps stale references to page or form objects after they are deleted or re-created, which allows crafted documents to trigger a use-after-free when the calculation runs and can potentially lead to arbitrary code execution...

CVSS 7.8, AI score 6, EPSS 0.00023
Exploits 1, References 1

Snyk
added 2026/03/31 4:54 p.m., 0 views

Integer Overflow or Wraparound

Overview: PyMuPDF is a high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the pdfloadimageimp function. An attacker can achieve arbitrary code...

CVSS 8.5, AI score 6.4, EPSS 0.0002
Exploits 0, References 2

OSV
added 2026/03/31 2:16 p.m., 0 views

UBUNTU-CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

CVSS 7.8, AI score 6.1, EPSS 0.0002
Exploits 0, References 5

RedhatCVE
added 2026/03/20 9:18 p.m., 2 views

CVE-2026-33123

A flaw was found in pypdf, a pure-python PDF library. An attacker can craft a malicious PDF file that, when processed, leads to excessive resource consumption, causing long runtimes and high memory usage. This can result in a Denial of Service (DoS) condition, making the application unresponsive or...

CVSS 6.5, AI score 5.6, EPSS 0.00014
Exploits 0, References 6

Cvelist
added 2026/03/20 9:09 a.m., 18 views

CVE-2026-33123 pypdf has inefficient decoding of array-based streams

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 5.1, EPSS 0.00014
Exploits 0, References 3

OSV
added 2026/03/11 12:14 a.m., 0 views

GHSA-HQMH-PPP3-XVM7 pypdf: manipulated stream length values can exhaust RAM

Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Patches: This has been fixed in pypdf==6.8.0. Workarounds: If you canno...

CVSS 6.8, AI score 5.9, EPSS 0.00005
Exploits 0, References 6

Veracode
added 2026/03/07 5:16 a.m., 2 views

Denial Of Service

pypdf is vulnerable to Denial Of Service. The vulnerability is due to unbounded processing of RunLengthDecode streams, where the content stream is parsed without proper memory usage checks and an attacker can craft a PDF that leads to large memory consumption...

CVSS 6.9, AI score 5.9, EPSS 0.00019
Exploits 0, References 4, Affected Software 1