1163 matches found
CVE-2026-41312 pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...
CVE-2026-41312
CVE-2026-41312 affects the pypdf Python library. Versions prior to 6.10.2 are vulnerable where an attacker can craft a PDF containing a /FlateDecode stream with a /Predictor not equal to 1 and large predictor parameters, causing RAM exhaustion (local access; potential DoS). Affects pypdf’s handli...
CVE-2026-41312
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...
CVE-2026-31465
A flaw was found in the Linux kernel. This vulnerability occurs in the writeback mechanism, specifically when handling filesystems that do not guarantee data persistence on synchronization sync operations, such as fuse and fuse-overlayfs. Under certain conditions, like during a suspend-to-RAM eve...
EUVD-2026-24809
In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SBINODATAINTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set, sy...
CVE-2026-31467
In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...
CVE-2026-31467 erofs: add GFP_NOIO in the bio completion if needed
In the Linux kernel, the following vulnerability has been resolved: erofs: add GFPNOIO in the bio completion if needed The bio completion path in the process context e.g. dm-verity will directly call into decompression rather than trigger another workqueue context for minimal scheduling latencies...
CVE-2026-31465
CVE-2026-31465 in the Linux kernel concerns the writeback path for filesystems without data integrity guarantees (e.g., fuse). The fix adds a SB_I_NO_DATA_INTEGRITY superblock flag; when set, sync kicks off writeback of dirty inodes but does not wait for flusher threads to finish. The change move...
PT-2026-34370
In the Linux kernel, the following vulnerability has been resolved: writeback: don't block sync for filesystems with no data integrity guarantees Add a SB I NO DATA INTEGRITY superblock flag for filesystems that cannot guarantee data persistence on sync eg fuse. For superblocks with this flag set...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the use of GFP-Kernel in vmmap Ram. This vulnerability may cause swap I/O to be triggered during...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-013158)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013158 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmaping with VMIOREMAP An oops can be induced by running 'cat...
GHSA-X284-J5P8-9C5P pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes fro...
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot upgrade yet, consider applying the changes fro...
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor parameters. Patches This has been fixed in pypdf==6.10.2. Workarounds If you cannot...
PT-2026-34565
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing a stream compressed using '/FlateDecode' with a /Predictor unequal to 1...
PT-2026-34567
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.10.2 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF that leads to RAM exhaustion. This occurs when accessing an image using the '/FlateDecode' filter with large size values...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-006733)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006733 advisory. In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries...
CVE-2026-23352
In the Linux kernel, the following vulnerability has been resolved: x86/efi: defer freeing of boot services memory efifreebootservices frees memory occupied by EFIBOOTSERVICESCODE and EFIBOOTSERVICESDATA using memblockfreelate. There are two issue with that: memblockfreelate should be used for...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-005665)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005665 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-005471)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005471 advisory. In the Linux kernel, the following vulnerability has been resolved: pstore/ram: Check start of empty przs during init After commit 30696378f68a pstore/ram: Do not...