
1884 matches found

OSV
added 2026/03/21 3:31 a.m. | 0 views

GHSA-XQ3G-M3J8-2VMM Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before bufferi...

CVSS 8.7 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/21 3:31 a.m. | 3 views

Duplicate Advisory: OpenClaw's inbound media downloads could exceed configured byte limits before rejection across multiple channels

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-rxxp-482v-7mrh. This link is maintained to preserve external references. Original Description: OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before bufferi...

CVSS 8.7 | AI score 5.8 | EPSS 0.00179
Exploits: 0 | References: 5 | Affected Software: 1
EUVD
added 2026/03/21 3:31 a.m. | 4 views

EUVD-2026-13945

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...

CVSS 8.7 | AI score 5.9 | EPSS 0.00179
Exploits: 0 | References: 4
Cvelist
added 2026/03/21 12:42 a.m. | 24 views

CVE-2026-32049 OpenClaw < 2026.2.22 - Denial of Service via Inbound Media Download Byte Limit Bypass

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...

CVSS 8.7 | EPSS 0.00179
Exploits: 0 | References: 3
Positive Technologies
added 2026/03/21 12:0 a.m. | 1 views

PT-2026-26731

OpenClaw versions prior to 2026.2.22 fail to consistently enforce configured inbound media byte limits before buffering remote media across multiple channel ingestion paths. Remote attackers can send oversized media payloads to trigger elevated memory usage and potential process instability...

CVSS 8.7 | AI score 5.9 | EPSS 0.00179
Exploits: 0 | References: 4
OSV
added 2026/03/20 3:26 p.m. | 4 views

OPENSUSE-SU-2026:20409-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 2
OSV
added 2026/03/20 3:24 p.m. | 1 views

SUSE-SU-2026:20922-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

CVSS 5.3 | AI score 5.9 | EPSS 0.00044
Exploits: 1 | References: 3
OSV
added 2026/03/20 3:24 p.m. | 0 views

SUSE-SU-2026:20762-1 Security update for harfbuzz

This update for harfbuzz fixes the following issues: Update to version 11.4.5: Security fixes: - CVE-2026-22693: Fixed a NULL pointer dereference in SubtableUnicodesCache::create bsc1256459. Other fixes: - Bug fixes for “AAT” shaping, and other shaping micro optimizations. - Fix a shaping...

CVSS 5.3 | AI score 5.8 | EPSS 0.00044
Exploits: 1 | References: 3
NVD
added 2026/03/20 10:16 a.m. | 1 views

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 6.5 | EPSS 0.00014
Exploits: 0 | References: 3
UbuntuCve
added 2026/03/20 10:16 a.m. | 2 views

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 4
OSV
added 2026/03/20 10:16 a.m. | 2 views

UBUNTU-CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 6.5 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 5
CVE
added 2026/03/20 9:9 a.m. | 4 views

CVE-2026-33123

Affected software: pypdf. Vulnerability: inefficient decoding of array-based streams can enable an attacker to craft PDFs that cause long runtimes and/or high memory usage when accessing an array-based stream with many entries. Root cause: malleable decoding path for array-based streams leading t...

CVSS 6.5 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2026/03/20 9:9 a.m. | 19 views

CVE-2026-33123 pypdf has inefficient decoding of array-based streams

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 5.1 | EPSS 0.00014
Exploits: 0 | References: 3
ATTACKERKB
added 2026/03/20 9:9 a.m. | 1 views

CVE-2026-33123

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 5.1 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/20 9:9 a.m. | 2 views

CVE-2026-33123 pypdf has inefficient decoding of array-based streams

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1...

CVSS 5.1 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 3
OSV
added 2026/03/20 6:16 a.m. | 1 views

DEBIAN-CVE-2026-33036

fast-xml-parser allows users to process XML from JS object without C/C++ based libraries or callbacks. Versions 4.0.0-beta.3 through 5.5.5 contain a bypass vulnerability where numeric character references (&#NNN;, &#xHH;) and standard XML entities completely evade the entity expansion limits e.g.,...

CVSS 7.5 | AI score 6.3 | EPSS 0.00027
Exploits: 1 | References: 1
CNNVD
added 2026/03/20 12:0 a.m. | 4 views

pypdf security vulnerability

pypdf is an open-source, free Python library for handling PDF files. It allows for splitting, merging, cropping, and converting pages within PDF files. Versions of pypdf prior to 6.9.1 contained security vulnerabilities, which stemmed from defects in processing malicious PDFs. These vulnerabiliti...

CVSS 6.5 | AI score 5.8 | EPSS 0.00014
Exploits: 0 | References: 4
Github Security Blog
added 2026/03/18 8:10 p.m. | 4 views

DeepDiff has Memory Exhaustion DoS through SAFE_TO_IMPORT

Summary: The pickle unpickler RestrictedUnpickler validates which classes can be loaded but does not limit their constructor arguments. A few of the types in SAFE_TO_IMPORT have constructors that allocate memory proportional to their input (builtins.bytes, builtins.list, builtins.range). A 40-byte...

CVSS 8.7 | AI score 8 | EPSS 0.00026
Exploits: 1 | References: 4 | Affected Software: 1
Github Security Blog
added 2026/03/18 4:17 p.m. | 4 views

pypdf has inefficient decoding of array-based streams

Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries. Patches: This has been fixed in pypdf==6.9.1. Workarounds: If you cannot upgrade yet, consider applying the...

CVSS 6.5 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2026/03/18 11:29 a.m. | 4 views

OPENSUSE-SU-2026:20386-1 Security update for cosign

This update for cosign fixes the following issues: Update to version 3.0.5: - CVE-2026-24122: Fixed improper validation of certificates that outlive expired CA certificates bsc1258542 - CVE-2026-26958: Fixed filippo.io/edwards25519: failure to initialize receiver in MultiScalarMult can produce...

CVSS 7.5 | AI score 6.8 | EPSS 0.00046
Exploits: 4 | References: 18