High severity · NVD Advisory · Published Apr 1, 2021 · Updated Aug 3, 2024
CVE-2021-29421
Description
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| pikepdf (PyPI) | >= 1.3.0, < 2.10.0 | 2.10.0 |
Affected products
- Python/pikepdf
References
- github.com/advisories/GHSA-ccgm-3xw4-h5p8 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG/ (mitre, vendor-advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ/ (mitre, vendor-advisory)
- nvd.nist.gov/vuln/detail/CVE-2021-29421 (ghsa, ADVISORY)
- github.com/pikepdf/pikepdf/commit/3f38f73218e5e782fe411ccbb3b44a793c0b343a (ghsa, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/pikepdf/PYSEC-2021-34.yaml (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36P4HTLBJPO524WMQWW57N3QRF4RFSJG (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QFLBBYGEDNXJ7FS6PIWTVI4T4BUPGEQ (ghsa, WEB)
- github.com/pikepdf/pikepdf/blob/v2.10.0/docs/release_notes.rst (mitre)