39 matches found
CVE-2026-57204
A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to uncontrolled resource consumption and large memory usage. This occurs because the library sometimes ignores defined limits for stre...
CVE-2026-57204
CVE-2026-57204 affects the Python PDF library pypdf. Before version 6.13.3, a malicious PDF can trigger a DoS by causing excessive memory usage when parsing a content stream without a /Length value, due to MAX_DECLARED_STREAM_LENGTH being ignored. The issue is resolved in pypdf 6.13.3. The vulner...
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios
Summary Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple vulnerabilities in Axios. CVE-2026-42033, CVE-2026-42034, CVE-2026-42035, CVE-2026-42036, CVE-2026-42037, CVE-2026-42038, CVE-2026-42039, CVE-2026-42040, CVE-2026-42041, CVE-2026-42042,...
Astra Linux – Vulnerability in Poppler
The JPXStream::init function in Poppler 0.78.0 and earlier does not check for negative values of stream length, which can lead to an Integer Overflow. This allows an attacker to allocate a large memory chunk on the heap, with the size controlled by them. This issue was demonstrated by pdftocairo...
SUSE CVE-2026-31747
In the Linux kernel, the following vulnerability has been resolved: comedi: me4000: Fix potential overrun of firmware buffer me4000xilinxdownload loads the firmware that was requested by requestfirmware. It is possible for it to overrun the source buffer because it blindly trusts the file format...
GHSA-HQMH-PPP3-XVM7 pypdf: manipulated stream length values can exhaust RAM
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Patches This has been fixed in pypdf==6.8.0. Workarounds If you canno...
EUVD-2026-10924
pypdf: manipulated stream length values can exhaust RAM...
CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
DEBIAN-CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
CVE-2026-31826
The CVE-2026-31826 vulnerability affects the pypdf library prior to 6.8.0. When parsing a content stream with a very large /Length value (independent of the data length), an attacker can trigger excessive memory usage, impacting availability. The issue is resolved in version 6.8.0. Exploit detail...
CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
EUVD-2010-1660
Malware in sbrugna...
EUVD-2018-17663
Malware in sbrugna...
EUVD-2024-40848
Malicious code in bioql PyPI...
DEBIAN-CVE-2025-37947
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating pos ksmbdvfsstreamwrite did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than or equal to vle...
CVE-2025-37947 ksmbd: prevent out-of-bounds stream writes by validating *pos
In the Linux kernel, the following vulnerability has been resolved: ksmbd: prevent out-of-bounds stream writes by validating pos ksmbdvfsstreamwrite did not validate whether the write offset pos was within the bounds of the existing stream data length vlen. If pos was greater than or equal to vle...
An issue was discovered in FRRouting (FRR) through 10.1. bgp_attr_encap in bgpd/bgp_attr.c does not check the actual remaining stream length before taking the TLV value.
...
openSUSE Security Advisory (SUSE-SU-2024:3108-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE-SU-2024:3108-1 Security update for frr
This update for frr fixes the following issues: - CVE-2024-44070: Fixed missing stream length check before TLV value is taken in bgpattrencap bsc1229438...