53 matches found
CVE-2025-55197
The CVE-2025-55197 issue affects pypdf prior to version 6.0.0, where a crafted PDF using a sequence of FlateDecode filters in a malicious cross-reference stream can exhaust RAM (DoS). Other content streams may be affected on explicit access. The vulnerability has been fixed in 6.0.0. A workaround...
CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...
PT-2023-21576 · Saml +1 · Saml +1
Name of the Vulnerable Software and Affected Versions: github.com/crewjam/saml versions prior to 0.4.13 Description: The issue arises from the package's use of flate.NewReader without limiting the size of the input. This allows a user to pass more than 1 MB of data in an HTTP request to the...
Crewjam Saml 安全漏洞
Crewjam Saml is a Go-based implementation of a codebase that interacts with Saml format files by the individual developers of Crewjam. A security vulnerability exists in Crewjam Saml versions prior to 0.4.13, which stems from not limiting the size of input to flate.NewReader...
SUSE SLED15 / SLES15 Security Update : go1.15 (SUSE-SU-2020:3368-1)
This update for go1.15 fixes the following issues : go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into c...
openSUSE Security Update : go1.15 (openSUSE-2020-2139)
This update for go1.15 fixes the following issues : - go1.15.5 released 2020-11-12 includes security fixes to the cmd/go and math/big packages. - go42553 math/big: panic during recursive division of very large numbers bsc1178750 CVE-2020-28362 - go42560 cmd/go: arbitrary code can be injected into...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability(CVE-2017-5133)
Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability
Google PDFium is Google in the BSD 3-Clause license under the open source , based on Foxit technology , embedded in Google Chrome's PDF rendering engine . Google PDFium TIFF Image Flate decoder there are code execution vulnerabilities, attackers can exploit the vulnerabilities lead to memory...
Google PDFium TIFF Image Flate Decoder Code Execution Vulnerability
Summary An off-by-one read/write on the heap vulnerability exists in the TIFF image decoder functionality of Pdfium as used by Google Chrome up to and including 60.0.3112.101. A specially crafted PDF file can trigger an off-by-one read and write on the heap resulting in memory corruption and a...
Denial Of Service (DoS) Through Infinite Loop
compress/flate in github.com/golang/go is vulnerable to denial of service DoS attacks. An infinite loop can be triggered when flate is parsing malformed data from gzip...
Stack overflow
Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression...
CVE-2011-3332
The CVE-2011-3332 entry refers to a stack-based buffer overflow in Iceni Argus (6.20 and earlier) and Infix (5.04) that can be triggered by a crafted flate-compressed PDF, allowing remote code execution. Affected components: Iceni Argus library (PDF handling) and Iceni Infix; impact is remote cod...
security flaw
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service crash via a crafted FlateDecode stream that triggers a null dereference...