
46 matches found

Ubuntu
added 2026/05/27 2:10 p.m., 12 views

USN-8324-1: Apache Tika vulnerabilities

It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...

CVSS 9.8 | AI score 7.3 | EPSS 0.01579
Exploits: 6

OSV
added 2026/05/27 2:10 p.m., 2 views

USN-8324-1 tika vulnerabilities

It was discovered that Apache Tika incorrectly handled XML external entities when parsing XFA content in PDF files. An attacker could possibly use this issue to obtain sensitive information or send malicious requests to internal resources or third-party servers...

CVSS 9.8 | AI score 6 | EPSS 0.01579
Exploits: 6 | References: 3

Veracode
added 2026/03/14 5:28 a.m., 3 views

Denial Of Service (DoS)

pypdf is vulnerable to Denial Of Service. The vulnerability is due to parsing a PDF content stream with an inflated Length value, where the parser allocates memory based on the declared length without verifying the actual data size, and an attacker can craft a PDF with a large /Length field to...

CVSS 6.8 | AI score 5.9 | EPSS 0.00005
Exploits: 0 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/03/10 9:36 p.m., 0 views

CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVSS 6.8 | AI score 5.8 | EPSS 0.00005
Exploits: 0 | References: 3

Cvelist
added 2026/03/10 9:36 p.m., 22 views

CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...

CVSS 6.8 | EPSS 0.00005
Exploits: 0 | References: 3

OSV
added 2026/02/27 9:16 p.m., 0 views

UBUNTU-CVE-2026-28351

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaroun...

CVSS 6.9 | AI score 5.7 | EPSS 0.00019
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/05 12:0 a.m., 2 views

PT-2026-1342

Name of the Vulnerable Software and Affected Versions: jsPDF versions prior to 4.0.0. Description: jsPDF, a JavaScript library for generating PDFs, has a critical flaw in its Node.js builds. Prior to version 4.0.0, the loadFile, addImage, html, and addFont methods are susceptible to local file...

CVSS 9.2 | AI score 6.5 | EPSS 0.00024
Exploits: 2 | References: 37

CVE
added 2025/11/25 11:38 p.m., 10 views

CVE-2025-66019

CVE-2025-66019 affects the Python PDF library pypdf up to version 6.3.x. Reporter data from multiple sources state that parsing a page content stream using the LZWDecode filter can cause memory usage to balloon to as much as 1 GB per stream, leading to potential denial of service on affected pars...

CVSS 8.7 | AI score 6.4 | EPSS 0.00076
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/22 9:36 p.m., 2 views

CVE-2025-62708 pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3...

CVSS 8.7 | AI score 6.5 | EPSS 0.00079
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/22 8:58 p.m., 3 views

CVE-2025-62614 BookLore Media API Authentication Bypass

BookLore is a self-hosted web app for organizing and managing personal book collections. In versions 1.8.1 and prior, an authentication bypass vulnerability in the BookMediaController allows any unauthenticated user to access and download book covers, thumbnails, and complete PDF/CBX page content...

CVSS 8.7 | AI score 6.7 | EPSS 0.00333
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2015-3696

Malware in sbrugna...

CVSS 4.3 | AI score 8.6 | EPSS 0.0032
Exploits: 0 | References: 8

EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2020-12442

Malware in sbrugna...

CVSS 7.6 | AI score 7.7 | EPSS 0.04169
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2018-4988

Malware in sbrugna...

CVSS 9.8 | AI score 9.5 | EPSS 0.00411
Exploits: 1 | References: 2

EUVD
added 2025/10/03 8:7 p.m., 3 views

EUVD-2025-23528

Malicious code in bioql PyPI...

CVSS 2.9 | AI score 4.8 | EPSS 0.00102
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-6755

Malicious code in bioql PyPI...

CVSS 3.5 | AI score 6.6 | EPSS 0.00238
Exploits: 0 | References: 5

Tenable Nessus
added 2025/09/08 12:0 a.m., 3 views

Amazon Linux 2023 : cairo, cairo-devel, cairo-gobject (ALAS2023-2025-1172)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2025-1172 advisory. An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory...

CVSS 2.9 | AI score 5.5 | EPSS 0.00102
Exploits: 0 | References: 4

Amazon
added 2025/09/04 12:0 a.m., 1 view

Medium: cairo

Issue Overview: An issue was discovered in freedesktop poppler v25.04.0. The heap memory containing PDF stream objects is not cleared upon program exit, allowing attackers to obtain sensitive PDF content via a memory dump. CVE-2025-50422 Affected Packages: cairo Note: This advisory is applicable ...

CVSS 2.9 | AI score 6.9 | EPSS 0.00102
Exploits: 0

NVD
added 2025/08/04 5:15 p.m., 3 views

CVE-2025-50422

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c...

CVSS 2.9 | EPSS 0.00102
Exploits: 0 | References: 4

OSV
added 2025/08/04 5:15 p.m., 3 views

CVE-2025-50422

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c...

CVSS 2.9 | AI score 6.2 | EPSS 0.00102
Exploits: 0 | References: 4

Vulnrichment
added 2025/08/04 12:0 a.m., 3 views

CVE-2025-50422

Cairo through 1.18.4, as used in Poppler through 25.08.0, has an "unscaled->face == NULL" assertion failure for _cairo_ft_unscaled_font_fini in cairo-ft-font.c...

CVSS 2.9 | AI score 6.3 | EPSS 0.00102
Exploits: 0 | References: 4