1889 matches found

CVE
added 2026/02/20 9:11 p.m. | 18 views

CVE-2026-27025

CVE-2026-27025 affects the PyPDF family (pypdf). The issue is triggered by parsing a PDF’s font /ToUnicode entry with unusually large values, causing long runtimes and large memory usage (DoS risk). The vulnerability is fixed in pypdf 6.7.1; remediation is upgrading to 6.7.1 or newer. Connected a...

CVSS 6.9 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2026/02/20 9:11 p.m. | 23 views

CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | EPSS 0.00168
Exploits: 0 | References: 4
Vulnrichment
added 2026/02/20 9:11 p.m. | 3 views

CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 4
OSV
added 2026/02/20 9:11 p.m. | 7 views

CVE-2026-27025 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | AI score 5.5 | EPSS 0.00168
Exploits: 0 | References: 6
Debian CVE
added 2026/02/20 9:11 p.m. | 7 views

CVE-2026-27025

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text...

CVSS 6.9 | AI score 5.3 | EPSS 0.00168
Exploits: 0
CNNVD
added 2026/02/20 12:00 a.m. | 5 views

pypdf security vulnerability

pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.7.1 contained security vulnerabilities. These vulnerabilities stemmed from /ToUnicode entries in the font parsing, whic...

CVSS 6.9 | AI score 5.9 | EPSS 0.00168
Exploits: 0 | References: 4
Cvelist
added 2026/02/19 9:07 p.m. | 25 views

CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

CVSS 6.9 | EPSS 0.00578
Exploits: 0 | References: 2
AlpineLinux
added 2026/02/19 9:07 p.m. | 3 views

CVE-2026-26313

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

CVSS 7.5 | AI score 6.1 | EPSS 0.00578
Exploits: 0
OSV
added 2026/02/19 9:07 p.m. | 8 views

CVE-2026-26313 Go Ethereum affected by DoS via malicious p2p message

go-ethereum geth is a golang execution layer implementation of the Ethereum protocol. Prior to version 1.17.0, an attacker can cause high memory usage by sending a specially-crafted p2p message. The issue is resolved in the v1.17.0 release...

CVSS 6.9 | AI score 5.8 | EPSS 0.00578
Exploits: 0 | References: 4
CNNVD
added 2026/02/19 12:00 a.m. | 6 views

go-ethereum security vulnerability

go-ethereum is an open-source Ethereum protocol library developed by ethereum. Versions of go-ethereum prior to 1.17.0 contained security vulnerabilities; these vulnerabilities allowed attackers to cause high memory usage by sending specially crafted P2P messages...

CVSS 7.5 | AI score 5.8 | EPSS 0.00578
Exploits: 0 | References: 2
OSV
added 2026/02/18 10:41 p.m. | 3 views

GHSA-WGVP-VG3V-2XQ3 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches: This has been fixed in pypdf==6.7.1. Workarounds ...

CVSS 6.9 | AI score 5.7 | EPSS 0.00168
Exploits: 0 | References: 6
OSV
added 2026/02/18 10:34 p.m. | 4 views

GHSA-689V-6XWF-5JF3 Go Ethereum affected by DoS via malicious p2p message

Impact: An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches: The issue is resolved in the v1.17.0 release. Credit: This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...

CVSS 6.9 | AI score 5.5 | EPSS 0.00578
Exploits: 0 | References: 5
Github Security Blog
added 2026/02/18 10:34 p.m. | 10 views

Go Ethereum affected by DoS via malicious p2p message

Impact: An attacker can cause high memory usage by sending a specially-crafted p2p message. More details to be released later. Patches: The issue is resolved in the v1.17.0 release. Credit: This issue was reported to the Ethereum Foundation Bug Bounty Program by @revofusion...

CVSS 7.5 | AI score 5.5 | EPSS 0.00578
Exploits: 0 | References: 5 | Affected Software: 1
RedHat Linux
added 2026/02/18 11:31 a.m. | 6 views

golang: archive/zip: Excessive CPU consumption when building archive index in archive/zip

A flaw was found in the archive/zip package in the Go standard library. A super-linear file name indexing algorithm is used the first time a file in an archive is opened. A crafted zip archive containing a specific arrangement of file names can cause excessive CPU and memory consumption. A ...

CVSS 6.5 | AI score 5.7 | EPSS 0.00643
Exploits: 1 | References: 8
Positive Technologies
added 2026/02/18 12:00 a.m. | 4 views

PT-2026-20908

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.7.1. Description: pypdf is a free and open-source pure-python PDF library. An attacker can create a malicious PDF file that causes excessive runtime and memory usage when processed. This occurs when parsing the /ToUnico...

CVSS 6.9 | AI score 5.2 | EPSS 0.00168
Exploits: 0 | References: 36
Tenable Nessus
added 2026/02/18 12:00 a.m. | 5 views

FreeBSD : powerdns-recursor -- Denial of Service (67793feb-0b5b-11f1-a1c0-0050569f0b83)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 67793feb-0b5b-11f1-a1c0-0050569f0b83 advisory. PowerDNS Team reports: 2025-07: Internal logic flaw in cache management can lead to a denial o...

CVSS 7.5 | AI score 5.7 | EPSS 0.00486
Exploits: 0 | References: 8
RedHat Linux
added 2026/02/16 9:33 p.m. | 2 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVSS 8.9 | AI score 5.9 | EPSS 0.00533
Exploits: 0 | References: 6
RedHat Linux
added 2026/02/16 4:52 p.m. | 2 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVSS 8.9 | AI score 5.9 | EPSS 0.00533
Exploits: 0 | References: 6
RedHat Linux
added 2026/02/16 11:40 a.m. | 11 views

urllib3: urllib3 Streaming API improperly handles highly compressed data

A decompression handling flaw has been discovered in urllib3. When streaming a compressed response, urllib3 can perform decoding or decompression based on the HTTP Content-Encoding header e.g., gzip, deflate, br, or zstd. The library must read compressed data from the network and decompress it...

CVSS 8.9 | AI score 5.9 | EPSS 0.00533
Exploits: 0 | References: 6
RedHat Linux
added 2026/02/16 11:40 a.m. | 6 views

urllib3: urllib3: Unbounded decompression chain leads to resource exhaustion

A flaw was found in urllib3 Python library that could lead to a Denial of Service condition. A remote, malicious server can exploit this flaw by responding to a client request with an HTTP message that uses an excessive number of chained compression algorithms. This unlimited decompression chain...

CVSS 8.9 | AI score 5.7 | EPSS 0.00533
Exploits: 0 | References: 6