6 matches found
CVE-2026-59935
The CVE affects the Python PDF library pypdf prior to 6.14.2, where a crafted PDF page content stream with an inline image not terminated and using ASCII85/ASCIIHex filters can cause an infinite loop during parsing (e.g., text extraction). This may impact availability (as per CVSS) with no confid...
Astra Linux – Vulnerability in qpdf
A issue was discovered in QPDF version 10.0.4, allowing remote attackers to execute arbitrary code via a crafted .pdf file, through the PlASCII85Decoder::write parameter in libqpdf...
Astra Linux – Vulnerability in qpdf
QPDF versions 9.x through 9.1.1, and 10.x through 10.0.4 have a heap-based buffer overflow in the PlASCII85Decoder::write function invoked from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write operation fails...
The vulnerability of the command-line PDF conversion tool QPDF lies in its memory usage after it is freed. This allows a malicious actor to execute arbitrary code.
The vulnerability of the command-line PDF conversion tool QPDF relates to the use of memory after it is freed. Exploiting this vulnerability could allow an attacker to execute arbitrary code by processing the PlASCII85Decoder::write parameter...
DEBIAN-CVE-2021-36978
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in PlASCII85Decoder::write called from PlAESPDF::flush and PlAESPDF::finish when a certain downstream write fails...
PT-2021-21416 · Qpdf +4 · Qpdf +4
Name of the Vulnerable Software and Affected Versions: QPDF versions 9.x through 9.1.1 QPDF versions 10.x through 10.0.4 Description: The issue is a heap-based buffer overflow in Pl ASCII85Decoder::write, which is called from Pl AES PDF::flush and Pl AES PDF::finish, occurring when a certain...