Lucene search
K

8 matches found

RedhatCVE
RedhatCVE
added 2026/06/24 1:56 a.m.11 views

CVE-2026-49461

A flaw was found in pypdf. An attacker can craft a malicious PDF document containing a form XObject with self-references. When a user attempts to extract text from a page within this crafted PDF, it can lead to excessive memory consumption. This vulnerability may result in a Denial of Service DoS...

6.9CVSS5.7AI score0.00123EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/22 8:27 p.m.24 views

CVE-2026-49461 pypdf: Possible large memory usage for form XObjects during text extraction

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

6.9CVSS0.00123EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/22 8:27 p.m.6 views

CVE-2026-49461

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....

6.9CVSS5.8AI score0.00123EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2026/06/16 1:47 p.m.8 views

pypdf: Possible large memory usage for form XObjects during text extraction

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying...

6.9CVSS5.2AI score0.00123EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2024/04/10 6:14 p.m.37 views

CVE-2024-31464 XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted

XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...

6.8CVSS6.7AI score0.00376EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/04/15 12:0 a.m.4 views

XWiki Commons 跨站脚本漏洞

XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from a failure to check the authors of a JavaScript xobject or StyleSheet xobject that is added to an XWiki document...

9CVSS5.4AI score0.00942EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/04/12 12:0 a.m.5 views

PT-2023-22203 · Xwiki · Xwiki

Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.9-rc-1 Description: The issue arises from the lack of checks on the author of a JavaScript xobject or StyleSheet xobject added to a XWiki document. This allowed a user with only Edit Right to create such an object a...

9CVSS5.2AI score0.00942EPSS
Exploits1References11
Binamuse
Binamuse
added 2014/09/18 6:31 p.m.685 views

CoreGraphics Information Disclosure - CVE-2014-4378

This article explores the exploitability of MobileSafari on IOS 7.1.x. Using a crafted PDF file as an HTML image makes it possible to leak information about the memory layout to the browser Javascript interpreter. Apple CoreGraphics library fails to validate input when parsing the colorspace...

5.8CVSS7.9AI score0.04983EPSS
Exploits0
Rows per page
Query Builder