Security update for python-PyMuPDF (important)

openSUSE security update: security update for python-pymupdf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20887-1 Rating: important References: bsc1259921 Cross-References: CVE-2026-3029 Affected Products: openSUSE Leap 16.0...

OPENSUSE-SU-2026:20887-1 Security update for python-PyMuPDF

This update for python-PyMuPDF fixes the following issues: Changes in python-PyMuPDF: - CVE-2026-3029: Fixed path traversal and arbitrary file write via the embeddedget function in main.py bsc1259921...

Integer Overflow or Wraparound

Overview PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the pdfloadimageimp function. An attacker can achieve arbitrary code...

10xscale-agentflow-cli (>=0.3.0 <=0.3.1), 3m (>=0.1.0 <=0.1.3) +2306 more potentially affected by CVE-2026-3308 via pymupdf (>=1.16.14 <=1.27.2.3)

pymupdf PYPI version =1.16.14, =0.3.0, =0.1.0, =0.1.1001, =1.1.0, =0.0.4.80, =3.4.6 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 - aait-store-cut-part-003 =0.0.1 - aait-store-cut-part-004 =0.0.1 - aait-store-cut-part-005 =0.0.1 - aait-store-cut-part-006 =0.0.1 -...

OPENSUSE-SU-2026:10416-1 python313-PyMuPDF-1.27.2.2-1.1 on GA media

These are all security issues fixed in the python313-PyMuPDF-1.27.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

Path Traversal

PyMuPDF is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the embedded get function in main.py, allowing attackers to manipulate paths and write files outside the intended directory, leading to arbitrary file write...

SUSE CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

42towels (>=0.1.1001 <=0.1.1011), aait (>=0.0.4.80 <=2.3.14) +285 more potentially affected by CVE-2026-3029 via pymupdf (>=1.16.14 <=1.26.6)

pymupdf PYPI version =1.16.14, =0.1.1001, =0.0.4.80, =0.1.3, =0.7.0, =0.0.1, =0.1.31, =0.0.5, =0.0.3.20, =0.0.1, =0.1.0, =1.5.0, =1.2.3, =0.7.0b20230331, =0.8.1b20230620 and more Source cves: CVE-2026-3029 Source advisory: SNYK:PYTHON-PYMUPDF-15702040...

Directory Traversal

Overview PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Directory Traversal via the embeddedget function if the derived output path is not supplied with...

contextifier (>=0.1.0 <=0.2.2), datascav-switch (=1.1.0) +11 more potentially affected by CVE-2026-3029 via pymupdf (>=1.26.5 <=1.26.6)

pymupdf PYPI version =1.26.5, =0.1.0, =0.5.0, =0.1.0, =0.0.53, =0.13.1, =0.2.0, =0.1.0, =0.2.26 - xl-pdf =0.1.1 Source cves: CVE-2026-3029 Source advisory: OSV:GHSA-CXQH-P2W9-FMR7...

GHSA-CXQH-P2W9-FMR7 PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

UBUNTU-CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

PyMuPDF (Python wrapper for MuPDF) has a path traversal / arbitrary file write vulnerability in version 1.26.5. The flaw resides in embedded_get, which uses untrusted embedded file metadata as the output path. If args.output is not provided, the function may write to arbitrary local paths, potent...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...