Security update for python-PyMuPDF (important)

openSUSE security update: security update for python-pymupdf ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20887-1 Rating: important References: bsc1259921 Cross-References: CVE-2026-3029 Affected Products: openSUSE Leap 16.0...

OPENSUSE-SU-2026:20887-1 Security update for python-PyMuPDF

This update for python-PyMuPDF fixes the following issues: Changes in python-PyMuPDF: - CVE-2026-3029: Fixed path traversal and arbitrary file write via the embeddedget function in main.py bsc1259921...

Integer Overflow or Wraparound

Overview PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the pdfloadimageimp function. An attacker can achieve arbitrary code...

10xscale-agentflow-cli (>=0.3.0 <=0.3.1), 3m (>=0.1.0 <=0.1.3) +2397 more potentially affected by CVE-2026-3308 via pymupdf (>=1.16.14 <=1.27.2.3)

pymupdf PYPI version =1.16.14, =0.3.0, =0.1.0, =0.1.1001, =1.1.0, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 - aait-store-cut-part-002 =0.0.1 - aait-store-cut-part-003 =0.0.1 - aait-store-cut-part-004 =0.0.1 - aait-store-cut-part-005 =0.0.1 - aait-store-cut-part-006 =0.0.1 -...

OPENSUSE-SU-2026:10416-1 python313-PyMuPDF-1.27.2.2-1.1 on GA media

These are all security issues fixed in the python313-PyMuPDF-1.27.2.2-1.1 package on the GA media of openSUSE Tumbleweed...

Path Traversal

PyMuPDF is vulnerable to Path Traversal. The vulnerability is due to improper validation of file paths in the embedded get function in main.py, allowing attackers to manipulate paths and write files outside the intended directory, leading to arbitrary file write...

SUSE CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

Directory Traversal

Overview PyMuPDF is an A high performance Python library for data extraction, analysis, conversion & manipulation of PDF and other documents. Affected versions of this package are vulnerable to Directory Traversal via the embeddedget function if the derived output path is not supplied with...

42towels (>=0.1.1001 <=0.1.1011), aait (>=0.0.4.80 <=2.3.14) +288 more potentially affected by CVE-2026-3029 via pymupdf (>=1.16.14 <=1.26.6)

pymupdf PYPI version =1.16.14, =0.1.1001, =0.0.4.80, =0.1.3, =0.7.0, =0.0.1, =0.1.31, =0.0.5, =0.0.3.20, =0.0.1, =0.1.0, =1.5.0, =1.2.3, =1.4.11 - arcoocr =1.0.1 and more Source cves: CVE-2026-3029 Source advisory: SNYK:PYTHON-PYMUPDF-15702040...

contextifier (>=0.1.0 <=0.2.2), datascav-switch (=1.1.0) +10 more potentially affected by CVE-2026-3029 via pymupdf (>=1.26.5 <=1.26.6)

pymupdf PYPI version =1.26.5, =0.1.0, =0.5.0, =0.1.0, =0.0.53, =0.13.1, =0.1.0, =0.3.0 - xl-pdf =0.1.1 Source cves: CVE-2026-3029 Source advisory: OSV:GHSA-CXQH-P2W9-FMR7...

PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

GHSA-CXQH-P2W9-FMR7 PyMuPDF has a path traversal in _main_.py

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

UBUNTU-CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029 CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

A path traversal and arbitrary file write vulnerability exist in the embedded get function in 'main.py' in PyMuPDF version, 1.26.5...

CVE-2026-3029

Summary: CVE-2026-3029 affects PyMuPDF 1.26.5. A path traversal in the embedded_get function (in main .py) allows arbitrary file writes. Impact: writing files to arbitrary local locations, potentially with elevated privileges. Status: document set confirms version and file, with remediation guida...