Lucene search

10 matches found

OSV
added 2026/03/26 11:58 p.m., 4 views

CVE-2026-33699 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

CVSS 8.2, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 5
Cvelist
added 2026/03/26 11:58 p.m., 30 views

CVE-2026-33699 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...

CVSS 8.2, EPSS 0.00018
Exploits: 0, References: 3
CVE
added 2026/03/26 11:58 p.m., 9 views

CVE-2026-33699

CVE-2026-33699 affects the pypdf library (Python), with versions prior to 6.9.2 vulnerable to an infinite loop when reading a PDF in non-strict mode. The root cause is within DictionaryObject.read_from_stream processing, leading to potential hang. A fix is available in pypdf 6.9.2, and multiple O...

CVSS 8.2, AI score 5.7, EPSS 0.00018
Exploits: 0, References: 3, Affected Software: 1
Snyk
added 2026/03/25 8:5 p.m., 2 views

Infinite loop

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Infinite loop in the read_from_stream function of DictionaryObject. An attacker can cause the application to enter an infinite loop ...

CVSS 8.2, AI score 5.8, EPSS 0.00018
Exploits: 0, References: 2
OSV
added 2026/03/25 8:5 p.m., 2 views

GHSA-87MJ-5GGW-8QC3 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches: This has been fixed in pypdf==6.9.2. Workarounds: If users cannot upgrade yet, consider applying the changes from PR 3693...

CVSS 8.2, AI score 5.7, EPSS 0.00018
Exploits: 0, References: 5
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-3851

Malicious code in bioql PyPI...

CVSS 6.8, AI score 6.4, EPSS 0.00434
Exploits: 0, References: 2
OSV
added 2022/05/24 7:19 p.m., 3 views

GHSA-FX7F-RJQJ-52PJ Deserialization of Untrusted Data in Spring AMQP

In Spring AMQP versions 2.2.0 - 2.2.18 and 2.3.0 - 2.3.10, the Spring AMQP Message object, in its toString method, will deserialize a body for a message with content type application/x-java-serialized-object. It is possible to construct a malicious java.util.Dictionary object that can cause 100%...

CVSS 6.5, AI score 5.9, EPSS 0.00434
Exploits: 0, References: 2
CNNVD
added 2022/05/01 12:0 a.m., 1 views

Lukeed Dset Security Vulnerability

Lukeed Dset is a JavaScript codebase by the individual developer Lukeed that assigns values to dictionary-type objects. A security vulnerability exists in all versions of Lukeed Dset, which can be exploited by an attacker to implement a prototype contamination attac...

CVSS 8.1, AI score 7.7, EPSS 0.00697
Exploits: 1, References: 8
NVD
added 2015/10/15 10:59 a.m., 16 views

CVE-2015-6758

The CPDF_Document::GetPage function in fpdfapi/fpdf_parser/fpdf_parser_document.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, does not properly perform a cast of a dictionary object, which allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...

CVSS 6.8, AI score 9.6, EPSS 0.00964
Exploits: 0, References: 8
Debian CVE
added 2015/10/15 10:0 a.m., 28 views

CVE-2015-6758

Removed by vendor...

CVSS 6.8, AI score 9.4, EPSS 0.00964
Exploits: 0