75 matches found
CVE-2026-57204
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...
Linux Distros Unpatched Vulnerability : CVE-2026-54651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...
DEBIAN-CVE-2026-54531
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...
DEBIAN-CVE-2026-54530
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...
CVE-2026-54530
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...
UBUNTU-CVE-2026-54651
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...
UBUNTU-CVE-2026-54531
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...
CVE-2026-54651 pypdf: Possible infinite loop when processing threads/articles in writer
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1...
CVE-2026-54531
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...
CVE-2026-54531 pypdf: Possible infinite loop when processing outlines/bookmarks in writer
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...
CVE-2026-54530
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...
GHSA-JM82-FX9C-MX94 pypdf: Missing stream length values ignore defined limits
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. Patches This has been fixed in pypdf==6.13.3. Workarounds If you cannot upgrade yet,...
pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...
Infinite loop
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the font retrieving. An attacker can cause the application to enter an infinite loop by crafting a specially...
CVE-2026-27644
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-44314 Traccar: Missing edit authorization on device image upload allows read-only users to write files
Traccar is an open source GPS tracking system. Prior to 6.13.0, DeviceResource.uploadImage authorizes the target device only through Condition.PermissionUser.class, getUserId, Device.class and then immediately streams the uploaded body into mediaManager.createFileStream.... Unlike the generic...
PT-2026-43299
Name of the Vulnerable Software and Affected Versions Traccar versions prior to 6.13.0 Description An authorization bypass exists in the GPS tracking system where the 'DeviceResource.uploadImage' endpoint fails to invoke the permissionsService.checkEdit function. While the system uses...
CSV Injection
Overview Affected versions of this package are vulnerable to CSV Injection in the CSV export functionality. An attacker can cause command execution or data exfiltration by injecting malicious formulas into exported fields, which are then executed when the CSV file is opened in spreadsheet softwar...
CVE-2026-27644
Traccar is an open source GPS tracking system. In versions between 6.11.1 and 6.13.0, the CSV export functionality writes position data, including user-controlled device and computed attributes, to CSV output without proper escaping. An attacker can inject spreadsheet formulas through exported...
CVE-2026-27694
Traccar (org.traccar:traccar) versions 6.11.1–6.12.x are vulnerable to stored HTML injection in email notification templates. User-controlled device, geofence, and driver names are inserted into HTML output without proper escaping, allowing an attacker with low privileges to store crafted HTML th...