13 matches found
openSUSE Security Advisory (openSUSE-SU-2024:0366-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE 15 Security Update : python-PyPDF2 (openSUSE-SU-2024:0366-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the openSUSE- SU-2024:0366-1 advisory. - CVE-2022-24859: Fixed infinite loop vulnerability boo1198588 Tenable has extracted the preceding description block directly from the SUSE security...
Security update for python-PyPDF2 (moderate)
openSUSE Security Update: Security update for python-PyPDF2 Announcement ID: openSUSE-SU-2024:0366-1 Rating: moderate References: 1198588 Cross-References: CVE-2022-24859 Affected Products: openSUSE Backports SLE-15-SP6 An update that fixes one vulnerability is now available. Description:This...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : PyPDF2 vulnerability (USN-6176-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6176-1 advisory. It was discovered that PyPDF2 incorrectly handled certain PDF files. If a user or automated system were tricked into processin...
Debian dla-3451 : python-pypdf2 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3451 advisory. ------------------------------------------------------------------------- Debian LTS Advisory DLA-3451-1 [email protected] https://www.debian.org/lts/security/...
Mageia: Security Advisory (MGASA-2022-0224)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Updated python-pypdf2 packages fix security vulnerability
Infinite loop with manipulated inline images CVE-2022-24859...
[SECURITY] [DLA 3039-1] pypdf2 security update
Debian LTS Advisory DLA-3039-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany June 03, 2022 https://wiki.debian.org/LTS Package : pypdf2 Version : 1.26.0-2+deb9u1 CVE ID : CVE-2022-24859 Debian Bug : 1009879 Sebastian Krause discovered that manipulated inline...
Debian DLA-3039-1 : pypdf2 - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-3039 advisory. Sebastian Krause discovered that manipulated inline images can force PyPDF2, a pure Python PDF library, into an infinite loop, if a maliciously crafted PDF file is processe...
addpage (=0.2.0), amazon-textract-helper (>=0.0.2 <=0.0.30) +88 more potentially affected by CVE-2022-24859 via pypdf2 (>=1.24.0 <=1.27.12)
pypdf2 PYPI version =1.24.0, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =0.1.1, =0.1.1, =0.2.0, =0.1.0, =0.0.1, =1.1.0, =0.9.0, =1.0.0, =2.0.0 - dftimewolf =20200608.0.0a0 and more Source cves: CVE-2022-24859 Source advisory: OSV:GHSA-XCJX-M2PJ-8G79...
addpage (=0.2.0), amazon-textract-helper (>=0.0.2 <=0.0.30) +88 more potentially affected by CVE-2022-24859 via pypdf2 (>=1.24.0 <=1.27.12)
pypdf2 PYPI version =1.24.0, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =0.1.1, =0.1.1, =0.2.0, =0.1.0, =0.0.1, =1.1.0, =0.9.0, =1.0.0, =2.0.0 - dftimewolf =20200608.0.0a0 and more Source cves: CVE-2022-24859 Source advisory: OSV:PYSEC-2022-194...
CVE-2022-24859 Manipulated inline images can cause Infinite Loop in PyPDF2
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content...
CVE-2022-24859
CVE-2022-24859 affects PyPDF2 prior to 1.27.5. The issue is an infinite loop triggered when a malicious PDF is processed because the ContentStream._readInlineImage loop does not terminate unless it encounters an EI token, failing to detect end-of-stream. This can cause unbounded processing time d...