Lucene search
K

53 matches found

CVE
CVE
added 2025/08/13 11:3 p.m.77 views

CVE-2025-55197

The CVE-2025-55197 issue affects pypdf prior to version 6.0.0, where a crafted PDF using a sequence of FlateDecode filters in a malicious cross-reference stream can exhaust RAM (DoS). Other content streams may be affected on explicit access. The vulnerability has been fixed in 6.0.0. A workaround...

8.7CVSS7.2AI score0.00437EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2025/08/13 11:3 p.m.15 views

CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7CVSS0.00437EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/03/22 12:0 a.m.6 views

PT-2023-21576 · Saml +1 · Saml +1

Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.13 Description: The issue arises from the package's use of flate.NewReader without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the...

9.8CVSS7.4AI score0.84607EPSS
Exploits5References89
CNNVD
CNNVD
added 2023/03/22 12:0 a.m.10 views

Crewjam Saml 安全漏洞

Crewjam Saml is a Go-based implementation of a codebase that interacts with Saml format files by the individual developers of Crewjam. A security vulnerability exists in Crewjam Saml versions prior to 0.4.13, which stems from not limiting the size of input to flate.NewReader...

7.5CVSS7.2AI score0.00957EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2020/12/09 12:0 a.m.38 views

SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2020:3368-1)

This update for go1.15 fixes the following issues : go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into c...

7.5CVSS7.4AI score0.03813EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/12/03 12:0 a.m.39 views

openSUSE Security Update : go1.15 (openSUSE-2020-2139)

This update for go1.15 fixes the following issues : - go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into...

7.5CVSS7.4AI score0.03813EPSS
Exploits0References7
seebug.org
seebug.org
added 2017/11/06 12:0 a.m.103 views

Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability(CVE-2017-5133)

Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...

9.4AI score0.01999EPSS
Exploits1
CNVD
CNVD
added 2017/10/30 12:0 a.m.6 views

Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability

Google PDFium is Google in the BSD 3-Clause license under the open source , based on Foxit technology , embedded in Google Chrome's PDF rendering engine . Google PDFium TIFF Image Flate decoder there are code execution vulnerabilities, attackers can exploit the vulnerabilities lead to memory...

8.8CVSS7.6AI score0.01999EPSS
Exploits1References1
Talos
Talos
added 2017/10/19 12:0 a.m.63 views

Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability

Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...

8.8CVSS9.2AI score0.01999EPSS
Exploits1
Veracode
Veracode
added 2017/06/22 5:48 a.m.5 views

Denial Of Service (DoS) Through Infinite Loop

compress/flate in github.com/golang/go is vulnerable to denial of service DoS attacks. An infinite loop can be triggered when flate is parsing malformed data from gzip...

6.4AI score
Exploits0
Prion
Prion
added 2011/10/06 11:55 p.m.14 views

Stack overflow

Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression...

10CVSS8.6AI score0.06038EPSS
Exploits0References5Affected Software2
CVE
CVE
added 2011/10/06 11:0 p.m.51 views

CVE-2011-3332

The CVE-2011-3332 entry refers to a stack-based buffer overflow in Iceni Argus (6.20 and earlier) and Infix (5.04) that can be triggered by a crafted flate-compressed PDF, allowing remote code execution. Affected components: Iceni Argus library (PDF handling) and Iceni Infix; impact is remote cod...

10CVSS8.3AI score0.06038EPSS
Exploits0References5Affected Software2
RedHat Linux
RedHat Linux
added 2006/01/19 5:38 p.m.6 views

security flaw

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service crash via a crafted FlateDecode stream that triggers a null dereference...

5CVSS7.3AI score0.0341EPSS
Exploits1References4
Rows per page
Query Builder