
18 matches found

Positive Technologies
added 2026/04/22 12:0 a.m. | 1 views

PT-2026-34565

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.10.2. Description: A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing a stream compressed using '/FlateDecode' with a /Predictor unequal to 1...

6.9 CVSS | 5.1 AI score | 0.00052 EPSS
Exploits: 0 | References: 9

CNNVD
added 2026/04/22 12:0 a.m. | 5 views

pypdf security vulnerability

pypdf is an open-source, free, and pure Python PDF library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages of PDF files. Prior to version 6.10.2, pypdf had a security vulnerability. This vulnerability occurred when processing streams that used FlateDecode...

6.5 CVSS | 5.8 AI score | 0.00025 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/08 12:0 a.m. | 3 views

openSUSE 16 Security Update : python-PyPDF2 (openSUSE-SU-2026:20333-1)

The remote openSUSE 16 host has a package installed that is affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20333-1 advisory. Changes in python-PyPDF2: - CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams bsc1258940 -...

8.7 CVSS | 7.1 AI score | 0.00164 EPSS
Exploits: 1 | References: 18

OPENSUSE Linux
added 2026/03/07 12:0 a.m. | 4 views

Security update for python-PyPDF2 (important)

openSUSE security update: security update for python-pypdf2. Announcement ID: openSUSE-SU-2026:20333-1. Rating: important. References: bsc1248089 bsc1258691 bsc1258692 bsc1258693 bsc1258934 bsc1258940. Cross-References: CVE-2025-55197...

6.9 CVSS | 5.8 AI score | 0.00164 EPSS
Exploits: 1 | References: 6

Github Security Blog
added 2026/02/26 7:55 p.m. | 2 views

pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

Impact: An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode. Patches: This has been fixed in pypdf==6.7.3. Workarounds: If...

8.7 CVSS | 5.3 AI score | 0.00055 EPSS
Exploits: 1 | References: 6 | Affected Software: 1

Snyk
added 2026/02/26 3:13 a.m. | 1 views

Allocation of Resources Without Limits or Throttling

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the xfa property of the reader or the writer when the corresponding strea...

8.7 CVSS | 5.9 AI score | 0.00055 EPSS
Exploits: 1 | References: 2

Tenable Nessus
added 2026/02/21 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-27026

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...

6.9 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/02/20 9:12 p.m. | 21 views

CVE-2026-27026 pypdf possibly has long runtimes for malformed FlateDecode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

6.9 CVSS | 0.00006 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/02/20 9:12 p.m. | 2 views

CVE-2026-27026 pypdf possibly has long runtimes for malformed FlateDecode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1...

6.9 CVSS | 5.3 AI score | 0.00006 EPSS
Exploits: 0 | References: 4

OSV
added 2026/02/18 10:41 p.m. | 0 views

GHSA-9MVC-8737-8J8H pypdf possibly has long runtimes for malformed FlateDecode streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. Patches: This has been fixed in pypdf==6.7.1. Workarounds: If you cannot upgrade yet, consider applying the chang...

6.9 CVSS | 5.8 AI score | 0.00006 EPSS
Exploits: 0 | References: 6

EUVD
added 2025/10/07 12:30 a.m. | 5 views

EUVD-2018-6204

Malware in sbrugna...

8.8 CVSS | 8.8 AI score | 0.0025 EPSS
Exploits: 0 | References: 3

Vulnrichment
added 2025/08/13 11:3 p.m. | 1 views

CVE-2025-55197 pypdf's Manipulated FlateDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are...

8.7 CVSS | 7.2 AI score | 0.00164 EPSS
Exploits: 0 | References: 5

OSV
added 2025/08/13 7:51 p.m. | 2 views

GHSA-7HFW-26VP-JP8M PyPDF's Manipulated FlateDecode streams can exhaust RAM

Impact: An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. Patches: This has been...

8.7 CVSS | 7 AI score | 0.00164 EPSS
Exploits: 0 | References: 7

Github Security Blog
added 2025/08/13 7:51 p.m. | 4 views

PyPDF's Manipulated FlateDecode streams can exhaust RAM

Impact: An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. Patches: This has been...

8.7 CVSS | 7 AI score | 0.00164 EPSS
Exploits: 0 | References: 7 | Affected Software: 1

Prion
added 2018/07/31 8:29 p.m. | 13 views

Design/Logic Flaw

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS | 8.8 AI score | 0.0025 EPSS
Exploits: 0 | References: 2 | Affected Software: 2

Zero Day Initiative
added 2016/12/15 12:0 a.m. | 26 views

Adobe Digital Editions FlateDecode Out-of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Digital Editions. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within t...

4.3 CVSS | 1.2 AI score | 0.01832 EPSS
Exploits: 0 | References: 1

Tenable Nessus
added 2016/09/02 12:0 a.m. | 19 views

Foxit Reader < 8.0.2 Multiple Vulnerabilities

Binary data 9491.prm...

7.3 AI score
Exploits: 0 | References: 8

OSV
added 2005/12/31 5:0 a.m. | 1 views

DEBIAN-CVE-2005-3626

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service crash via a crafted FlateDecode stream that triggers a null dereference...

5 CVSS | 6.2 AI score | 0.09167 EPSS
Exploits: 1 | References: 1