49 matches found
Allocation of Resources Without Limits or Throttling
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in stream parsing functions, when the /Length value is missing. An attacker c...
CVE-2026-34120
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...
CVE-2026-34120
A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs.An attacker on the same network segment could...
CLSA-2026-1774431305 python-pyasn1: Fix of CVE-2026-23490
CVE-2026-23490: fix DoS when malicious stream parsed...
OpenCFD OpenFOAM 安全漏洞
OpenCFD OpenFOAM is a software toolkit developed by the British company OpenCFD, used for numerical simulation of continuum mechanics problems. Version OpenCFD OpenFOAM 2506 contains a security vulnerability, which stems from a defect in the Code Stream command function. This defect may allow...
SUSE CVE-2025-66019
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...
Astra Linux - уязвимость в pypdf2
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...
GHSA-VR63-X8VC-M265 pypdf possibly loops infinitely when reading DCT inline images without EOF marker
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches This has been fixed in pypdf==6.1.3. Workarounds If you cannot upgrade yet, consider...
[SECURITY] Fedora 43 Update: mingw-expat-2.7.2-1.fc43
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
[SECURITY] Fedora 42 Update: expat-2.7.2-1.fc42
This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...
Linux Distros Unpatched Vulnerability : CVE-2023-36464
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is...
Linux Distros Unpatched Vulnerability : CVE-2018-18500
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being free...
SUSE-SU-2025:20155-1 Security update for protobuf
This update for protobuf fixes the following issues: - CVE-2024-2410: Fixed use after free when parsing JSON from a stream bsc1223947...
CVE-2020-6113
An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for...
AZL-43618 CVE-2024-39684 affecting package opencc 1.1.1-3
Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...
AZL-43300 CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8
Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...
Integer Underflow
Overview Affected versions of this package are vulnerable to Integer Underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened, this triggers the integer...
Integer overflow
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-43628
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...
CVE-2023-43628
An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...