Memory Allocation with Excessive Size Value

Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the FlateDecode image processing when handling images with large size values. An...

Memory Allocation with Excessive Size Value

Overview PyPDF2 is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the FlateDecode method when handling streams with a /Predictor value not equal to...

Pypdf: Manipulated XMP Metadata Entity Declarations Can Exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in "pypdf==6.10.0" https://github.com/py-pdf/pypdf/releases/tag/6.10.0. Workarounds If you cannot upgrade yet, consider applying th...

CVE-2026-3308

An integer overflow vulnerability in 'pdf-image.c' in Artifex's MuPDF version 1.27.0 allows an attacker to maliciously craft a PDF that can trigger an integer overflow within the 'pdfloadimageimp' function. This allows a heap out-of-bounds write that could be exploited for arbitrary code executio...

OPENSUSE-SU-2026:10464-1 python311-pypdf-6.9.2-1.1 on GA media

These are all security issues fixed in the python311-pypdf-6.9.2-1.1 package on the GA media of openSUSE Tumbleweed...

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20430-1)

The remote openSUSE 16 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2026:20430-1 advisory. Changes in python-PyPDF2: - CVE-2026-33123: Fixed excessive resource consumption when processing specially crafted PDF due to inefficient decoding of...

GHSA-87MJ-5GGW-8QC3 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...

Security Bulletin: IBM InfoSphere Optim Archive Viewer is affected by a vulnerability in jsPDF (CVE-2025-57810)

Summary A vulnerability in jsPDF CVE-2025-57810 used by IBM InfoSphere Optim Archive Viewer has been addressed by upgrading the library to version 4.0.0. Vulnerability Details CVEID:CVE-2025-57810 DESCRIPTION: jsPDF is a library to generate PDFs in JavaScript. Prior to 3.0.2, user control of the...

python311-PyPDF2-2.11.1-8.1 on GA media (moderate)

python311-PyPDF2-2.11.1-8.1 on GA media Announcement ID: openSUSE-SU-2026:10402-1 Rating: moderate Cross-References: CVE-2026-33123 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

GHSA-VRQM-GVQ7-RRWH PDFME Affected by Decompression Bomb in FlateDecode Stream Parsing Causes Memory Exhaustion DoS

Summary The DecodeStream.ensureBuffer method in @pdfme/pdf-lib doubles its internal buffer without any upper bound on the decompressed size. A crafted PDF containing a FlateDecode stream with a high compression ratio decompression bomb causes unbounded memory allocation during stream decoding,...

UBUNTU-CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVE-2026-31938

jsPDF prior to 4.2.1 is vulnerable: unsanitized user input passed to the output method’s options can inject HTML/scripts into the browser context when a PDF is opened. The issue is triggered when an attacker provides values via a web interface, which are forwarded to the victim’s browser and proc...

CVE-2026-31898 jsPDF has a PDF Object Injection via FreeText color

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.2.1, user control of arguments of the createAnnotation method allows users to inject arbitrary PDF objects, such as JavaScript actions. If given the possibility to pass unsanitized input to the following method, a user can inje...

jsPDF 安全漏洞

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility that parameters controlling the createAnnotation method could allow for the injection of...

jsPDF 跨站脚本漏洞

jsPDF is a JavaScript-based PDF document generation library developed by Parallax. Versions of jsPDF prior to 4.2.1 had a cross-site scripting vulnerability. This vulnerability stemmed from insufficient control over the options parameter of the output function, allowing attackers to inject...

OPENSUSE-SU-2026:20348-1 Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues: Changes in python-PyPDF2: - CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter bsc1259404 - Update sources with osc run downloadfiles...

CVE-2026-31826

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...

CVE-2026-28804

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5...