3 matches found
CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...
CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...
github.com/ulikunitz/xz leaks memory when decoding a corrupted multiple LZMA archives
Summary It is possible to put data in front of an LZMA-encoded byte stream without detecting the situation while reading the header. This can lead to increased memory consumption because the current implementation allocates the full decoding buffer directly after reading the header. The LZMA head...