49 matches found

Snyk
added 2026/06/18 2:28 p.m. | 5 views

Allocation of Resources Without Limits or Throttling

Overview: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in stream parsing functions, when the /Length value is missing. An attacker c...

CVSS 8.7 | AI score 5.9 | EPSS 0.00263
Exploits: 0 | References: 2
RedhatCVE
added 2026/04/03 11:1 p.m. | 3 views

CVE-2026-34120

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network segment could...

CVSS 7.1 | AI score 6.2 | EPSS 0.00228
Exploits: 0 | References: 1
NVD
added 2026/04/02 6:16 p.m. | 10 views

CVE-2026-34120

A heap-based buffer overflow vulnerability was identified in TP-Link Tapo C520WS v2.6 within the asynchronous parsing of local video stream content due to insufficient alignment and validation of buffer boundaries when processing streaming inputs. An attacker on the same network segment could...

CVSS 7.1 | EPSS 0.00228
Exploits: 0 | References: 3
OSV
added 2026/03/27 12:32 p.m. | 6 views

CLSA-2026-1774431305 python-pyasn1: Fix of CVE-2026-23490

CVE-2026-23490: fix DoS when malicious stream parsed...

CVSS 7.5 | AI score 5.8 | EPSS 0.00679
Exploits: 0 | References: 1
CNNVD
added 2026/02/18 12:0 a.m. | 8 views

OpenCFD OpenFOAM security vulnerability

OpenCFD OpenFOAM is a software toolkit developed by the British company OpenCFD, used for numerical simulation of continuum mechanics problems. OpenCFD OpenFOAM version 2506 contains a security vulnerability that stems from a defect in the Code Stream command function. This defect may allow...

CVSS 7.8 | AI score 6 | EPSS 0.0015
Exploits: 0 | References: 1
SUSE CVE
added 2025/11/27 12:23 a.m. | 6 views

SUSE CVE-2025-66019

pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patch...

CVSS 4.8 | AI score 6.6 | EPSS 0.00313
Exploits: 0 | References: 3
AstraLinux
added 2025/10/31 4:38 p.m. | 3 views

Astra Linux - vulnerability in pypdf2

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolv...

CVSS 6.2 | AI score 6.8 | EPSS 0.00352
Exploits: 1 | References: 2
OSV
added 2025/10/22 7:40 p.m. | 3 views

GHSA-VR63-X8VC-M265 pypdf possibly loops infinitely when reading DCT inline images without EOF marker

Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. Patches: This has been fixed in pypdf==6.1.3. Workarounds: If you cannot upgrade yet, consider...

CVSS 8.7 | AI score 6.8 | EPSS 0.00402
Exploits: 0 | References: 6
Fedora
added 2025/09/26 12:20 a.m. | 5 views

[SECURITY] Fedora 43 Update: mingw-expat-2.7.2-1.fc43

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 7.5 | AI score 7 | EPSS 0.01279
Exploits: 1
Fedora
added 2025/09/19 1:38 a.m. | 6 views

[SECURITY] Fedora 42 Update: expat-2.7.2-1.fc42

This is expat, the C library for parsing XML, written by James Clark. Expat is a stream oriented XML parser. This means that you register handlers with the parser prior to starting the parse. These handlers are called when the parser discovers the associated structures in the document being parse...

CVSS 7.5 | AI score 7 | EPSS 0.01279
Exploits: 1
Tenable Nessus
added 2025/08/18 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-36464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if parsecontentstream is...

CVSS 6.2 | AI score 6.2 | EPSS 0.00352
Exploits: 1 | References: 2
Tenable Nessus
added 2025/08/10 12:0 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2018-18500

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free vulnerability can occur while parsing an HTML5 stream in concert with custom HTML elements. This results in the stream parser object being free...

CVSS 9.8 | AI score 8.3 | EPSS 0.12658
Exploits: 1 | References: 2
OSV
added 2025/03/20 10:44 a.m. | 2 views

SUSE-SU-2025:20155-1 Security update for protobuf

This update for protobuf fixes the following issues: - CVE-2024-2410: Fixed use after free when parsing JSON from a stream bsc1223947...

CVSS 9.8 | AI score 5.8 | EPSS 0.00332
Exploits: 0 | References: 3
RedhatCVE
added 2025/02/05 2:46 p.m. | 9 views

CVE-2020-6113

An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate memory for...

CVSS 8.8 | AI score 7.7 | EPSS 0.6862
Exploits: 1 | References: 1
OSV
added 2024/07/09 7:15 p.m. | 7 views

AZL-43618 CVE-2024-39684 affecting package opencc 1.1.1-3

Tencent RapidJSON is vulnerable to privilege escalation due to an integer overflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

CVSS 7.8 | AI score 7.1 | EPSS 0.00424
Exploits: 0 | References: 1
OSV
added 2024/07/09 7:15 p.m. | 7 views

AZL-43300 CVE-2024-38517 affecting package rapidjson for versions less than 1.1.0-8

Tencent RapidJSON is vulnerable to privilege escalation due to an integer underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the intege...

CVSS 7.8 | AI score 7 | EPSS 0.00375
Exploits: 0 | References: 1
Snyk
added 2024/07/09 12:0 a.m. | 5 views

Integer Underflow

Overview: Affected versions of this package are vulnerable to Integer Underflow in the GenericReader::ParseNumber function of include/rapidjson/reader.h when parsing JSON text from a stream. An attacker needs to send the victim a crafted file which needs to be opened; this triggers the integer...

CVSS 8.4 | AI score 6.8 | EPSS 0.00375
Exploits: 0 | References: 2
Prion
added 2023/12/05 12:15 p.m. | 28 views

Integer overflow

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 5 | AI score 6.9 | EPSS 0.01225
Exploits: 1 | References: 1 | Affected Software: 1
UbuntuCve
added 2023/12/05 12:15 p.m. | 23 views

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 7.5 | AI score 7.1 | EPSS 0.01225
Exploits: 1 | References: 2
Cvelist
added 2023/12/05 11:35 a.m. | 32 views

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 5.9 | AI score 7.6 | EPSS 0.01225
Exploits: 1 | References: 1