CVE-2026-41401

libyang before 5.2.6 contains a heap use-after-free write vulnerability in lydparsersetdataflags that incorrectly updates metadata list pointers when freeing non-head default metadata entries. Attackers can trigger this vulnerability by submitting crafted YANG XML documents with specific metadata...

Fedora 33 : python-pikepdf (2021-4bf9909a76)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-4bf9909a76 advisory. - models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. CVE-2021-29421 Note that...

Fedora 32 : python-pikepdf (2021-d97bc581be)

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-d97bc581be advisory. - models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries. CVE-2021-29421 Note that...

CVE-2021-29421

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries...