
27959 matches found

Redos
added 2026/04/17 12:0 a.m. | 3 views

ROS-20260417-73-0015

Vulnerability in python-PyPDF2 related to excessive iteration. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

6.9 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0

Redos
added 2026/04/17 12:0 a.m. | 3 views

ROS-20260417-73-0019

A vulnerability in PyPDF, the Python library for handling PDF files, involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to affect the availability of protected information...

6.9 CVSS | 5.8 AI score | 0.00423 EPSS
Exploits: 0

Redos
added 2026/04/17 12:0 a.m. | 0 views

ROS-20260417-73-0018

A vulnerability in PyPDF, the Python library for handling PDF files, involves uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

8.7 CVSS | 5.8 AI score | 0.00348 EPSS
Exploits: 1

Redos
added 2026/04/17 12:0 a.m. | 3 views

ROS-20260417-73-0014

Vulnerability in python-PyPDF2 related to unrestricted resource allocation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

6.9 CVSS | 5.8 AI score | 0.00168 EPSS
Exploits: 0

Redos
added 2026/04/17 12:0 a.m. | 2 views

ROS-20260417-73-0020

A vulnerability in the ContentStream.readInlineImage function of the PyPDF2 PDF processing library is related to incorrect implementation of the loop exit condition. Exploitation of the vulnerability allows an attacker acting remotely to cause a denial of service using a specially crafted PDF fil...

6.2 CVSS | 6.3 AI score | 0.01279 EPSS
Exploits: 1

Redos
added 2026/04/17 12:0 a.m. | 5 views

ROS-20260417-73-0017

Vulnerability in python-PyPDF2 related to execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

7.5 CVSS | 5.9 AI score | 0.00346 EPSS
Exploits: 0

Positive Technologies
added 2026/04/17 12:0 a.m. | 4 views

PT-2026-33504

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to 23.0.0. Description: Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. An authenticated administrator can achieve remote code execution as the web server user by...

9.4 CVSS | 6.5 AI score | 0.00922 EPSS
Exploits: 3 | References: 14

CVE
added 2026/04/16 11:18 p.m. | 12 views

CVE-2026-40260

CVE-2026-40260 affects the Python library pypdf (formerly PyPDF2). The issue arises when parsing manipulated XMP metadata declarations within a PDF, causing excessive memory (RAM) usage for memory-constrained parsing workloads. Impact is described as potential large memory consumption during XMP ...

6.9 CVSS | 5.7 AI score | 0.00423 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2026/04/16 11:18 p.m. | 2 views

CVE-2026-40260

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has...

6.9 CVSS | 5.4 AI score | 0.00423 EPSS
Exploits: 0

Snyk
added 2026/04/16 9:30 p.m. | 4 views

Memory Allocation with Excessive Size Value

Overview: PyPDF2 is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value in the FlateDecode image processing when handling images with large size values. An...

6.5 CVSS | 5.7 AI score | 0.00226 EPSS
Exploits: 0 | References: 2

Snyk
added 2026/04/16 9:30 p.m. | 2 views

Memory Allocation with Excessive Size Value

Overview: PyPDF2 is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Memory Allocation with Excessive Size Value via the FlateDecode method when handling streams with a /Predictor value not equal to...

6.5 CVSS | 5.7 AI score | 0.00226 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2026/04/16 10:49 a.m. | 1 view

CVE-2026-40505

A flaw was found in MuPDF mutool. This vulnerability allows a local attacker to embed malicious ANSI escape sequences within a PDF's metadata. When a user views the PDF's information using the mutool info command, these unsanitized sequences are processed by the terminal. This can lead to the...

4.8 CVSS | 5.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 2

OSV
added 2026/04/16 9:58 a.m. | 4 views

CLSA-2026-1776333493 ghostscript: Fix of CVE-2024-29508

CVE-2024-29508: fix heap-based pointer disclosure in pdfbasefontalloc...

3.3 CVSS | 6.6 AI score | 0.00375 EPSS
Exploits: 0 | References: 1

NVD
added 2026/04/16 2:16 a.m. | 1 view

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS | 0.00166 EPSS
Exploits: 0 | References: 4

RedhatCVE
added 2026/04/16 2:14 a.m. | 3 views

CVE-2026-6361

A heap buffer overflow flaw was found in the PDFium component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=500036290...

8.8 CVSS | 6 AI score | 0.0031 EPSS
Exploits: 0 | References: 5

ATTACKERKB
added 2026/04/16 1:20 a.m. | 4 views

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS | 5.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 5

AlpineLinux
added 2026/04/16 1:20 a.m. | 10 views

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS | 5.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 4

CVE
added 2026/04/16 1:20 a.m. | 14 views

CVE-2026-40505

Technical details (affected product versions, root-cause specifics, and remediation steps) are not publicly provided in the supplied documents. The sources reiterate a MuPDF mutool PDF-metadata sanitization issue but do not include concrete technical specifics.

4.8 CVSS | 5.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2026/04/16 1:20 a.m. | 1 view

CVE-2026-40505

MuPDF before 1.27 contains an ANSI injection vulnerability in mutool that allows attackers to inject arbitrary ANSI escape sequences through crafted PDF metadata fields. Attackers can embed malicious ANSI escape codes in PDF metadata that are passed unsanitized to terminal output when running...

4.8 CVSS | 5.5 AI score | 0.00166 EPSS
Exploits: 0

Positive Technologies
added 2026/04/16 12:0 a.m. | 5 views

PT-2026-33222

Name of the Vulnerable Software and Affected Versions: MuPDF mutool (affected versions not specified). Description: MuPDF mutool fails to sanitize PDF metadata fields before writing them to terminal output. This allows the injection of arbitrary ANSI escape sequences—codes used to control terminal...

4.8 CVSS | 5.9 AI score | 0.00166 EPSS
Exploits: 0 | References: 14