High severity7.5GHSA Advisory· Published Oct 8, 2024· Updated Apr 15, 2026
CVE-2024-25885
CVE-2024-25885
Description
An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted string.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
xhtml2pdfPyPI | <= 0.2.16 | — |
Affected products
3- ghsa-coords2 versions
<= 0.2.16+ 1 more
- (no CPE)range: <= 0.2.16
- (no CPE)range: < 0.2.16-2.1
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.