... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

linux.debian.bugs.dist

Ohh some weird Debian bug report thing

28,835 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 28,506 of 28,835

Salvatore Bonaccorso to All

Bug#1128654: pypdf: CVE-2026-27024

22 Feb 26 11:50:01

   From: carnil@debian.org   
      
   Source: pypdf   
   Version: 5.4.0-1   
   Severity: important   
   Tags: security upstream   
   Forwarded: https://github.com/py-pdf/pypdf/pull/3645   
   X-Debbugs-Cc: carnil@debian.org, Debian Security Team    
      
   Hi,   
      
   The following vulnerability was published for pypdf.   
      
   CVE-2026-27024[0]:   
   | pypdf is a free and open-source pure-python PDF library. Prior to   
   | 6.7.1, an attacker who uses this vulnerability can craft a PDF which   
   | leads to an infinite loop. This requires accessing the children of a   
   | TreeObject, for example as part of outlines. This vulnerability is   
   | fixed in 6.7.1.   
      
      
   If you fix the vulnerability please also make sure to include the   
   CVE (Common Vulnerabilities & Exposures) id in your changelog entry.   
      
   For further information see:   
      
   [0] https://security-tracker.debian.org/tracker/CVE-2026-27024   
       https://www.cve.org/CVERecord?id=CVE-2026-27024   
   [1] https://github.com/py-pdf/pypdf/pull/3645   
   [2] https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq   
   [3] https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37   
   82c2a43453d48d1295   
      
   Please adjust the affected versions in the BTS as needed.   
      
   Regards,   
   Salvatore   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]