8 matches found
CVE-2026-49461
A flaw was found in pypdf. An attacker can craft a malicious PDF document containing a form XObject with self-references. When a user attempts to extract text from a page within this crafted PDF, it can lead to excessive memory consumption. This vulnerability may result in a Denial of Service DoS...
CVE-2026-49461 pypdf: Possible large memory usage for form XObjects during text extraction
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....
CVE-2026-49461
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....
pypdf: Possible large memory usage for form XObjects during text extraction
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying...
CVE-2024-31464 XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it'...
XWiki Commons 跨站脚本漏洞
XWiki Commons is a technology library shared by several other top XWiki projects. A cross-site scripting vulnerability exists in XWiki Commons, which stems from a failure to check the authors of a JavaScript xobject or StyleSheet xobject that is added to an XWiki document...
PT-2023-22203 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.9-rc-1 Description: The issue arises from the lack of checks on the author of a JavaScript xobject or StyleSheet xobject added to a XWiki document. This allowed a user with only Edit Right to create such an object a...
CoreGraphics Information Disclosure - CVE-2014-4378
This article explores the exploitability of MobileSafari on IOS 7.1.x. Using a crafted PDF file as an HTML image makes it possible to leak information about the memory layout to the browser Javascript interpreter. Apple CoreGraphics library fails to validate input when parsing the colorspace...