
25 matches found

Veracode
added 2025/12/13 7:35 a.m. | 10 views

Uncontrolled Memory Allocation

pypdf is vulnerable to uncontrolled memory allocation. The vulnerability is due to improper handling of LZWDecode streams, which allows an attacker to craft a malicious PDF that causes excessive memory consumption up to 1 GB per stream during content parsing...

CVSS 8.7 | AI score 5.8 | EPSS 0.00313
Exploits: 0 | Affected Software: 1

OSV
added 2025/11/26 12:15 a.m. | 1 views

UBUNTU-CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 8.7 | AI score 6.9 | EPSS 0.00313
Exploits: 0 | References: 5

Vulnrichment
added 2025/11/25 11:38 p.m. | 3 views

CVE-2025-66019 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 8.7 | AI score 6.4 | EPSS 0.00313
Exploits: 0 | References: 3

Github Security Blog
added 2025/11/24 10:42 p.m. | 12 views

pypdf's LZWDecode streams be manipulated to exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This is a follow up to GHSA-jfx9-29x2-rv3j to align the default limit with the one for zlib. Patche...

CVSS 8.7 | AI score 6.8 | EPSS 0.00313
Exploits: 0 | References: 7 | Affected Software: 1

OSV
added 2025/10/22 10:15 p.m. | 1 views

DEBIAN-CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 7.5 | AI score 5.3 | EPSS 0.00402
Exploits: 0 | References: 1

CVE
added 2025/10/22 9:36 p.m. | 19 views

CVE-2025-62708

pypdf (Python PDF library) prior to version 6.1.3 is affected by CVE-2025-62708: an attacker can craft a PDF that triggers large memory usage when parsing a page content stream using the LZWDecode filter. The issue has been fixed in pypdf 6.1.3. This is documented in the CVE entry and corroborate...

CVSS 8.7 | AI score 6.5 | EPSS 0.00402
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2025/10/22 9:36 p.m. | 13 views

CVE-2025-62708 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7 | EPSS 0.00402
Exploits: 0 | References: 4

Debian CVE
added 2025/10/22 9:36 p.m. | 4 views

CVE-2025-62708

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7 | AI score 5.3 | EPSS 0.00402
Exploits: 0

OSV
added 2025/10/22 9:36 p.m. | 6 views

CVE-2025-62708 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7 | AI score 6.9 | EPSS 0.00402
Exploits: 0 | References: 6

Tenable Nessus
added 2025/10/07 12:0 a.m. | 2 views

Unity Linux 20.1070e Security Update: libtiff (UTSA-2025-680618)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-680618 advisory. LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For...

CVSS 5.5 | AI score 6.7 | EPSS 0.01206
Exploits: 1 | References: 4

BDU FSTEC
added 2023/12/26 12:0 a.m. | 3 views

The vulnerability of the LZWDecode function in the libtiff/tif_lzw.c component of the LibTIFF library, which allows a hacker to cause a service failure.

The vulnerability of the LZWDecode function in the libtiff/tif_lzw.c component of the LibTIFF library is related to reading data beyond the allowable buffer limits. Exploiting this vulnerability could allow a malicious actor to cause service interruptions through a specially created TIF file...

CVSS 7.1 | AI score 6.9 | EPSS 0.01206
Exploits: 1 | References: 7 | Affected Software: 2

RedHat Linux
added 2023/11/07 8:13 a.m. | 4 views

libtiff: null pointer deference in LZWDecode() in libtiff/tif_lzw.c

A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...

CVSS 5.5 | AI score 7.3 | EPSS 0.00427
Exploits: 1 | References: 4

Amazon
added 2023/09/07 12:0 a.m. | 5 views

Medium: libtiff

Issue Overview: A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a...

CVSS 5.5 | AI score 8.8 | EPSS 0.00427
Exploits: 1

SUSE CVE
added 2023/05/19 2:4 a.m. | 1 views

SUSE CVE-2023-2731

A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...

CVSS 5.5 | AI score 6.3 | EPSS 0.00427
Exploits: 1 | References: 6

OSV
added 2023/05/17 10:15 p.m. | 3 views

UBUNTU-CVE-2023-2731

A NULL pointer dereference flaw was found in Libtiff's LZWDecode function in the libtiff/tif_lzw.c file. This flaw allows a local attacker to craft specific input data that can cause the program to dereference a NULL pointer when decompressing a TIFF format file, resulting in a program crash or...

CVSS 5.5 | AI score 6.7 | EPSS 0.00427
Exploits: 1 | References: 3

CNNVD
added 2023/05/17 12:0 a.m. | 3 views

LibTIFF Code Issue Vulnerability

LibTIFF is a library for reading and writing TIFF Tagged Image File Format files. The library contains some command line tools for working with TIFF files. A denial of service vulnerability exists in LibTIFF, which stems from a NULL pointer dereference issue found in the LZWDecode function, and c...

CVSS 5.5 | AI score 6.8 | EPSS 0.00427
Exploits: 1 | References: 8

OSV
added 2022/05/11 3:15 p.m. | 7 views

AZL-9734 CVE-2022-1623 affecting package libtiff for versions less than 4.4.0-1

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...

CVSS 5.5 | AI score 6.7 | EPSS 0.01206
Exploits: 1 | References: 1

OSV
added 2022/05/11 3:15 p.m. | 2 views

DEBIAN-CVE-2022-1622

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:619, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...

CVSS 5.5 | AI score 6.5 | EPSS 0.01664
Exploits: 1 | References: 1

RedHat Linux
added 2019/08/06 2:0 p.m. | 7 views

libtiff: heap-based buffer overflow in tif_lzw.c:LZWDecodeCompat() allows for denial of service

In LibTIFF 4.0.9, a heap-based buffer overflow occurs in the function LZWDecodeCompat in tif_lzw.c via a crafted TIFF file, as demonstrated by tiff2ps...

CVSS 8.8 | AI score 7.6 | EPSS 0.03097
Exploits: 1 | References: 4

RedHat Linux
added 2019/08/06 2:0 p.m. | 2 views

libtiff: tiff2bw tool failed memory allocation leads to crash

An issue was discovered in LibTIFF 4.0.9. There is a NULL pointer dereference in the function LZWDecode in the file tif_lzw.c...

CVSS 6.5 | AI score 7.3 | EPSS 0.0287
Exploits: 1 | References: 4