Malicious code in sigma-scale-fire-dog-decode (npm)
The package sigma-scale-fire-dog-decode was found to contain malicious code...
Malicious code in file-load-validate-cat-decode (npm)
The package file-load-validate-cat-decode was found to contain malicious code...
Malicious code in parse-tree-array-function-decode (npm)
The package parse-tree-array-function-decode was found to contain malicious code...
MAL-2025-28881 Malicious code in parse-tree-array-function-decode (npm)
The package parse-tree-array-function-decode was found to contain malicious code...
MAL-2025-33833 Malicious code in spy-promise-pi-decode-cold (npm)
The package spy-promise-pi-decode-cold was found to contain malicious code...
MAL-2025-20549 Malicious code in file-test-decode-balance-secure (npm)
The package file-test-decode-balance-secure was found to contain malicious code...
MAL-2025-26649 Malicious code in monitor-eta-decode-cold-assert (npm)
The package monitor-eta-decode-cold-assert was found to contain malicious code...
Malicious code in import-user-reject-decode-async (npm)
The package import-user-reject-decode-async was found to contain malicious code...
Malicious code in serialize-sudo-delta-sandbox-decode (npm)
The package serialize-sudo-delta-sandbox-decode was found to contain malicious code...
Malicious code in upsilon-decode-gamma-slow-report (npm)
The package upsilon-decode-gamma-slow-report was found to contain malicious code...
MAL-2025-19089 Malicious code in easy-visualize-decode-phi-meta (npm)
The package easy-visualize-decode-phi-meta was found to contain malicious code...
MAL-2025-20547 Malicious code in file-load-validate-cat-decode (npm)
The package file-load-validate-cat-decode was found to contain malicious code...
CVE-2025-55197
A flaw was found in pypdf. Processing maliciously crafted PDF files utilizing a sequence of FlateDecode filters can exhaust available RAM. An attacker can trigger this condition by simply reading the malicious PDF file. This results in a resource exhaustion condition, leading to an application...
OSV-2025-627 Null-dereference READ in ProcessRows
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438295348 Crash type: Null-dereference READ Crash state: ProcessRows DecodeImageData VP8LDecodeImage...
Allocation of Resources Without Limits or Throttling
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to the decompressed size for the FlateDecode filter. An attacker can caus...
CVE-2025-55197
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
CVE-2025-55197
The CVE-2025-55197 issue affects pypdf prior to version 6.0.0, where a crafted PDF using a sequence of FlateDecode filters in a malicious cross-reference stream can exhaust RAM (DoS). Other content streams may be affected on explicit access. The vulnerability has been fixed in 6.0.0. A workaround...
CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
CVE-2025-8760
A vulnerability was identified in INSTAR 2K+ and 4K 3.11.1 Build 1124. This affects the function base64decode of the component fcgiserver. The manipulation of the argument Authorization leads to buffer overflow. It is possible to initiate the attack remotely...
CVE-2025-8760
CVE-2025-8760 analysis (INSTAR 2K+/4K): A buffer overflow in the fcgi_server component (base64_decode) is triggered by manipulating the Authorization argument, allowing remote exploitation in INSTAR 2K+ and 4K, version 3.11.1 Build 1124. Several sources (e.g., Red Hat entry, CVE lists, PT-Securit...