rpm package
opensuse/python-PyPDF2&distro=openSUSE Leap 16.0
pkg:rpm/opensuse/python-PyPDF2&distro=openSUSE%20Leap%2016.0
Vulnerabilities (10)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40260 | Med | 5.3 | | < 2.11.1-bp160.6.1 | 2.11.1-bp160.6.1 | Apr 17, 2026 | pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadat |
| CVE-2026-33123 | — | | | < 2.11.1-bp160.5.1 | 2.11.1-bp160.5.1 | Mar 20, 2026 | pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed i |
| CVE-2026-31826 | — | | | < 2.11.1-bp160.4.1 | 2.11.1-bp160.4.1 | Mar 10, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length insid |
| CVE-2026-28804 | — | | | < 2.11.1-bp160.3.1 | 2.11.1-bp160.3.1 | Mar 6, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6. |
| CVE-2026-27888 | — | | | < 2.11.1-bp160.2.1 | 2.11.1-bp160.2.1 | Feb 26, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed |
| CVE-2026-27628 | — | | | < 2.11.1-bp160.2.1 | 2.11.1-bp160.2.1 | Feb 25, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually. |
| CVE-2026-27026 | — | | | < 2.11.1-bp160.2.1 | 2.11.1-bp160.2.1 | Feb 20, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed |
| CVE-2026-27025 | — | | | < 2.11.1-bp160.2.1 | 2.11.1-bp160.2.1 | Feb 20, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for exampl |
| CVE-2026-27024 | — | | | < 2.11.1-bp160.2.1 | 2.11.1-bp160.2.1 | Feb 20, 2026 | pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in |
| CVE-2025-55197 | — | | | < 2.11.1-bp160.2.1 | 2.11.1-bp160.2.1 | Aug 13, 2025 | pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content |