9 matches found
CVE-2026-33699 pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider...
Infinite loop
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Infinite loop in the read_from_stream function of DictionaryObject. An attacker can cause the application to enter an infinite loop ...
Allocation of Resources Without Limits or Throttling
Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in read_from_stream, when parsing PDF content streams. An attacker can consume...
Vulnerabilities in the functions php_libxml_input_buffer_create_filename() and php_libxml_sniff_charset_from_stream() of the PHP interpreter allow an attacker to redirect users to any desired URL address.
The vulnerabilities in the functions php_libxml_input_buffer_create_filename() and php_libxml_sniff_charset_from_stream() of the PHP interpreter are related to open redirection. Exploiting these vulnerabilities could allow a malicious actor to redirect users to any desired URL address...
CVE-2022-41426
Bento4 v1.6.0-639 was discovered to contain a memory leak via the AP4_AtomFactory::CreateAtomFromStream function in mp4split...
The vulnerability in the implementation of the LoadFromFile, LoadFromString, or LoadFromStream functions of the Quick PDF Library allows an attacker to trigger a service failure.
The vulnerability in the implementation of the LoadFromFile, LoadFromString, or LoadFromStream functions of the Quick PDF Library, a PDF handling library, is related to operations performed outside the bounds of a memory buffer. Exploiting this vulnerability can allow an attacker to trigger a...
CVE-2018-20247
In Foxit Quick PDF Library, all versions prior to 16.12, loading a malformed or malicious PDF containing a recursive page tree structure using the LoadFromFile, LoadFromString or LoadFromStream functions results in a stack overflow...
Integer Overflow or Wraparound
Overview: Affected versions of this package are vulnerable to Integer Overflow or Wraparound. In PoDoFo 0.9.5, there is an integer overflow in the PdfObjectStreamParserObject::ReadObjectsFromStream function (base/PdfObjectStreamParserObject.cpp). Remote attackers could leverage this vulnerability to...
CVE-2008-0015
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold...