18 matches found
python310-xhtml2pdf-0.2.16-2.1 on GA media (moderate)
python310-xhtml2pdf-0.2.16-2.1 on GA media. Announcement ID: openSUSE-SU-2024:14601-1. Rating: moderate. Cross-References: CVE-2024-25885. Affected Products: openSUSE Tumbleweed. An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
OPENSUSE-SU-2024:14601-1 python310-xhtml2pdf-0.2.16-2.1 on GA media
These are all security issues fixed in the python310-xhtml2pdf-0.2.16-2.1 package on the GA media of openSUSE Tumbleweed...
SUSE CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
CVE-2024-25885
A flaw was found in xhtml2pdf’s getcolor function in utils.py. This flaw allows an attacker to trigger a Regular expression Denial of Service (ReDOS) via specially crafted input...
bittytax (=0.5.2), creme-crm (>=2.3.1 <=2.6.20) +22 more potentially affected by CVE-2024-25885 via xhtml2pdf (>=0.0.6 <=0.2.16)
xhtml2pdf PYPI version =0.0.6, =2.3.1, =0.3.0, =1.0.0, =1.0.3, =1.0.2, =1.0.3, =0.1.132, =1.6.0, =3.0.0, =0.1.11, =0.1.10, =0.1.11 and more Source cves: CVE-2024-25885 Source advisory: SNYK:PYTHON-XHTML2PDF-8171506...
Inefficient Regular Expression Complexity
Overview: xhtml2pdf is a PDF generator using HTML and CSS. Affected versions of this package are vulnerable to Inefficient Regular Expression Complexity via the use of a crafted string in the getcolor function. PoC html expl = 'rgb00' + '0' 3456 with open"PoC.html", "w" as f: f.writef""" exploit ""...
GHSA-JJ5C-HHRG-VV5H xhtml2pdf Denial of Service via crafted string
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
xhtml2pdf Denial of Service via crafted string
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
bittytax (=0.5.2), creme-crm (>=2.3.1 <=2.6.20) +22 more potentially affected by CVE-2024-25885 via xhtml2pdf (>=0.0.6 <=0.2.16)
xhtml2pdf PYPI version =0.0.6, =2.3.1, =0.3.0, =1.0.0, =1.0.3, =1.0.2, =1.0.3, =0.1.132, =1.6.0, =3.0.0, =0.1.11, =0.1.10, =0.1.11 and more Source cves: CVE-2024-25885 Source advisory: OSV:GHSA-JJ5C-HHRG-VV5H...
CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
DEBIAN-CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
xhtml2pdf security vulnerability
xhtml2pdf is an open-source HTML to PDF converter using Python, ReportLab Toolkit, html5lib and pypdf. A security vulnerability exists in xhtml2pdf version 0.2.13, which stems from a problem in the getcolor function of utils.py, allowing an attacker to cause a regular expression denial ...
CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
CVE-2024-25885
CVE-2024-25885 affects xhtml2pdf v0.2.13, where a flaw in the getcolor function in utils.py allows a crafted string to trigger a Regular Expression Denial of Service (ReDOS). The connected documents consistently describe this vulnerability as present in xhtml2pdf-0.2.13 and reproduced in multiple...
CVE-2024-25885
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string...
PT-2024-21182 · Xhtml2Pdf +1 · Xhtml2Pdf +1
Name of the Vulnerable Software and Affected Versions: xhtml2pdf version 0.2.13. Description: The issue allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string to the getcolor function in utils.py. This can be exploited by providing a specifically...