26 matches found

Veracode
added 2026/01/23 3:34 a.m., 3 views

Denial-of-service (DoS)

pypdf is vulnerable to denial-of-service (DoS). The vulnerability is due to improper handling of PDFs missing the /Root object with a large /Size value in non-strict parsing mode, which allows an attacker to craft an invalid PDF that triggers excessively long runtimes...

CVSS 6.9, AI score 5.9, EPSS 0.00023
Exploits 0, References 5, Affected Software 1

RedhatCVE
added 2026/01/13 11:7 p.m., 2 views

CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 6.9, AI score 6.7, EPSS 0.00023
Exploits 0, References 7

SUSE CVE
added 2026/01/13 12:24 a.m., 1 views

SUSE CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 5.3, AI score 6.8, EPSS 0.00023
Exploits 0, References 3

NVD
added 2026/01/10 5:16 a.m., 1 views

CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 6.9, EPSS 0.00023
Exploits 0, References 4

OSV
added 2026/01/10 5:16 a.m., 0 views

UBUNTU-CVE-2026-22690

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 6.9, AI score 5.7, EPSS 0.00023
Exploits 0, References 6

Cvelist
added 2026/01/10 4:41 a.m., 22 views

CVE-2026-22690 pypdf has possible long runtimes for missing /Root object with large /Size values

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 6.9, EPSS 0.00023
Exploits 0, References 4

OSV
added 2026/01/10 4:41 a.m., 1 views

CVE-2026-22690 pypdf has possible long runtimes for missing /Root object with large /Size values

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be...

CVSS 6.9, AI score 6.4, EPSS 0.00023
Exploits 0, References 6

CVE
added 2026/01/10 4:41 a.m., 10 views

CVE-2026-22690

CVE-2026-22690 affects the Python PDF library pypdf prior to version 6.6.0. The issue allows long runtimes for malformed PDFs caused by omitting the /Root entry in the trailer while using a large /Size value; the vulnerability occurs in non-strict reading mode. The problem has been addressed and ...

CVSS 6.9, AI score 6.4, EPSS 0.00023
Exploits 0, References 4, Affected Software 1

EUVD
added 2026/01/09 7:48 p.m., 1 views

EUVD-2026-1692

pypdf has possible long runtimes for missing /Root object with large /Size values...

AI score 6.4
Exploits 0, References 5

OSV
added 2026/01/09 7:48 p.m., 0 views

GHSA-4XC4-762W-M6CG pypdf has possible long runtimes for missing /Root object with large /Size values

Impact: An attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. Patches: This...

CVSS 6.9, AI score 6.8, EPSS 0.00023
Exploits 0, References 6

Positive Technologies
added 2026/01/01 12:0 a.m., 3 views

PT-2026-2244

Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 6.6.0. Description: pypdf is a free and open-source pure-python PDF library. Versions prior to 6.6.0 are susceptible to potential long runtimes when processing PDF files missing the /Root object but containing a large /Si...

CVSS 6.9, AI score 6.6, EPSS 0.00023
Exploits 0, References 9

NVD
added 2025/12/04 4:16 p.m., 4 views

CVE-2025-40226

In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Account for failed debug initialization. When the SCMI debug subsystem fails to initialize, the related debug root will be missing, and the underlying descriptor will be NULL. Handle this fault condition in the...

EPSS 0.00028
Exploits 0, References 4

EUVD
added 2025/10/30 9:30 p.m., 3 views

EUVD-2024-28047

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breache...

CVSS 7.5, AI score 6.4, EPSS 0.00395
Exploits 0, References 2

Positive Technologies
added 2025/10/14 12:0 a.m., 2 views

PT-2025-49053

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified. Description: The Linux kernel contains a flaw within the SCMI debug subsystem. If the subsystem fails to initialize, the debug root may be missing, leading to a NULL descriptor. This condition is not...

CVSS 4.4, AI score 5.3, EPSS 0.00028
Exploits 0

Zero Day Initiative
added 2024/08/30 12:0 a.m., 8 views

(0Day) Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration o...

CVSS 7.8, AI score 7.3, EPSS 0.00015
Exploits 0

NVD
added 2024/06/28 7:15 a.m., 7 views

CVE-2024-30111

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breache...

CVSS 7.5, EPSS 0.00395
Exploits 0, References 1

Vulnrichment
added 2024/06/28 6:39 a.m., 13 views

CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breache...

CVSS 3.3, AI score 7.1, EPSS 0.00395
Exploits 0, References 1

Cvelist
added 2024/06/28 6:39 a.m., 26 views

CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10

HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data breache...

CVSS 3.3, EPSS 0.00395
Exploits 0, References 1

CVE
added 2024/06/28 6:39 a.m., 45 views

CVE-2024-30111

The CVE-2024-30111 entry concerns HCL DRYiCE AEX mobile app with a Missing Root Detection vulnerability. Connected sources (EUVD-2024-28047, NVD/NVD-like records, CVE list) indicate the vulnerability affects DRYiCE AEX v10 and is tied to rooted-device bypass, enabling unauthorized access on roote...

CVSS 7.5, AI score 4.1, EPSS 0.00395
Exploits 0, References 1, Affected Software 1

Tenable Nessus
added 2023/03/08 12:0 a.m., 71 views

Nginx Missing Root Location

The scanner has detected that the Nginx installation does not have a directive for the root location '/'. This could potentially leak useful information about the server installation to a remote, unauthenticated attacker. No source data...

AI score 7.1
Exploits 0, References 2