24 matches found
CVE-2026-41168
A flaw was found in pypdf. An attacker can craft a malicious PDF file containing oversized cross-reference streams or object streams. Processing such a file can lead to excessively long runtimes, resulting in a Denial of Service (DoS) for applications using the pypdf library. Mitigation Mitigation...
SUSE CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
DEBIAN-CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
CVE-2026-41168 pypdf has possible long runtimes for wrong size values in cross-reference and object streams
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
EUVD-2026-25100
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
CVE-2026-41168
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. This ha...
pypdf security vulnerability
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.10.1, pypdf had security vulnerabilities. These vulnerabilities stemmed from the ability of attackers to create PDFs with incorre...
PT-2026-34562
Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.1 Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that results in long runtimes. This is achieved by using cross-reference streams with incorrect large /Size values or object...
pypdf has long runtimes for wrong size values in cross-reference and object streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values. Patches: This has been fixed in pypdf==6.10.1. Workarounds: If you cannot upgrade yet,...
ROS-20250910-02
A vulnerability in the Hints::Hints function (poppler/Hints.cc) of the Poppler PDF display library is related to a resource release error. Exploitation of the vulnerability allows a remote attacker to cause a denial of service using a specially crafted PDF...
Linux Distros Unpatched Vulnerability : CVE-2018-6544
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pdf_load_obj_stm in pdf/pdf-xref.c in Artifex MuPDF 1.12.0 could reference the object stream recursively and therefore run out of error stack, which allows remote...
Linux Distros Unpatched Vulnerability : CVE-2023-3436
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Xpdf 4.04 will deadlock on a PDF object stream whose Length field is itself in another object stream. CVE-2023-3436 Note that Nessus relies on the presence of t...
PT-2023-24838 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: The issue occurs when Xpdf 4.04 encounters a PDF object stream whose Length field is itself in another object stream, causing a deadlock. Recommendations: For Xpdf version 4.04, consider updating to a newer...
SUSE CVE-2020-26945
MyBatis before 3.5.6 mishandles deserialization of object streams...
mybatis: mishandles deserialization of object streams which could result in remote code execution
MyBatis before 3.5.6 mishandles deserialization of object streams...
GHSA-QQ48-M4JX-XQH8 "Deserialization errors in MyBatis"
MyBatis before 3.5.6 mishandles deserialization of object streams leading to potential cache poisoning...
CVE-2020-26945
MyBatis before 3.5.6 mishandles deserialization of object streams...
CVE-2020-26945
The CVE-2020-26945 entry concerns MyBatis before 3.5.6, where mishandling deserialization of object streams can enable a high-severity impact. The vulnerability affects the MyBatis data mapper/framework’s deserialization path, with CVSS v3.1 base score 8.1 (NETWORK, HIGH complexity, no privileges...
CVE-2020-26945
MyBatis before 3.5.6 mishandles deserialization of object streams...