330 matches found
Debian DLA-3039-1 : pypdf2 - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3039 advisory. Sebastian Krause discovered that manipulated inline images can force PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously crafted PDF file is processe...
DEBIAN-CVE-2022-28085
A flaw was found in htmldoc commit 31f7804. A heap buffer overflow in the function pdf_write_names in ps-pdf.cxx may lead to arbitrary code execution and Denial of Service (DoS)...
CVE-2022-24859
PyPDF2 is an open source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop in PyPDF2 if the code attempts to get the content...
PYSEC-2022-194
PyPDF2 is an open source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop in PyPDF2 if the code attempts to get the content...
CVE-2022-24859 Manipulated inline images can cause Infinite Loop in PyPDF2
PyPDF2 is an open source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop in PyPDF2 if the code attempts to get the content...
PyPDF2 Security Vulnerability
PyPDF2 is a free, open source, pure Python PDF library. It can split, merge, crop and convert pages in PDF files. PyPDF2 has a security vulnerability in versions prior to 1.27.5, which allows an attacker to create PDFs that will result in an infinite loop in PyPDF2 if the code trie...
CVE-2022-24859
CVE-2022-24859 affects PyPDF2 prior to 1.27.5. The issue is an infinite loop triggered when a malicious PDF is processed because the ContentStream._readInlineImage loop does not terminate unless it encounters an EI token, failing to detect end-of-stream. This can cause unbounded processing time d...
[SECURITY] Fedora 33 Update: pdfbox-2.0.24-1.fc33
Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...
A vulnerability in the implementation of the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly functions in the PDF handling library “Quick PDF Library” allows an attacker to gain unauthorized access to protected information or cause service failures.
The vulnerability in the implementations of the LoadFromFile, LoadFromString, LoadFromStream, DAOpenFile, or DAOpenFileReadOnly functions in the PDF handling library is caused by operations outside the bounds of a memory buffer when processing xref entries. Exploitation of this...
A vulnerability in the implementation of the DAOpenFile or DAOpenFileReadOnly functions in the PDF handling library Quick PDF Library allows an attacker to gain unauthorized access to protected information or cause service failures.
The vulnerability in the DAOpenFile or DAOpenFileReadOnly functions in the PDF handling library Quick PDF Library is caused by operations outside the bounds of a memory buffer when processing xref entries. Exploiting this vulnerability could allow an attacker to gain unauthorized...
A vulnerability in the implementation of the LoadFromFile, LoadFromString, or LoadFromStream functions of the PDF handling library Quick PDF Library allows an attacker to trigger a service failure.
The vulnerability in the implementation of the LoadFromFile, LoadFromString, or LoadFromStream functions in the PDF handling library Quick PDF Library is caused by operations outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to trigger a...
Unspecified vulnerability in PoDoFo (CNVD-2021-43538)
PoDoFo is a free, portable and easy to use PDF parsing, modification and creation library. An uncontrolled recursive call vulnerability exists in the PdfTokenizer::ReadArray, PdfTokenizer::GetNextVariant and PdfTokenizer::ReadDataType functions in PoDoFo version 0.9.7. An attacker could exploit...
CVE-2021-28558
Acrobat Reader DC versions 2021.001.20150 and earlier, 2020.001.30020 and earlier and 2017.011.30194 and earlier are affected by a heap-based buffer overflow vulnerability in the PDFLibTool component. An unauthenticated attacker could leverage this vulnerability to achieve arbitrary cod...
Fedora: Security Advisory for pdfbox (FEDORA-2021-8b17a2725e)
The remote host is missing an update for the...
[SECURITY] Fedora 34 Update: xmlgraphics-commons-2.6-1.fc34
Apache XML Graphics Commons is a library that consists of several reusable components used by Apache Batik and Apache FOP. Many of these components can easily be used separately outside the domains of SVG and XSL-FO. You will find components such as a PDF library, an RTF library, Graphics2D...
[SECURITY] Fedora 34 Update: pdfbox-2.0.23-1.fc34
Apache PDFBox is an open source Java PDF library for working with PDF documents. This project allows creation of new PDF documents, manipulation of existing documents and the ability to extract content from documents. Apache PDFBox also includes several command line utilities. Apache PDFBox is...
Regular Expression Denial of Service (ReDoS)
Overview: jspdf is a PDF Document creation from JavaScript. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). ReDoS is possible via the addImage function. Details: Denial of Service (DoS) describes a family of attacks, all aimed at making a system...
CVE-2020-26536
An issue was discovered in Foxit Reader and PhantomPDF before 10.1. There is a NULL pointer dereference via a crafted PDF document...
[SECURITY] Fedora 32 Update: podofo-0.9.6-11.fc32
PoDoFo is a library to work with the PDF file format. The name comes from the first letter of PDF (Portable Document Format). A few tools to work with PDF files are already included in the PoDoFo package. The PoDoFo library is a free, portable C++ library which includes classes to parse PDF files a...