... darkrealms ...

Forums before death by AOL, social media and spammers... "We can't have nice things"

linux.debian.bugs.dist

Ohh some weird Debian bug report thing

28,835 messages

[ << oldest | < older | list | newer > | newest >> ]

Message 28,508 of 28,835

Salvatore Bonaccorso to All

Bug#1128656: pypdf: CVE-2026-27025

22 Feb 26 11:50:01

   From: carnil@debian.org   
      
   Source: pypdf   
   Version: 5.4.0-1   
   Severity: important   
   Tags: security upstream   
   Forwarded: https://github.com/py-pdf/pypdf/pull/3646   
   X-Debbugs-Cc: carnil@debian.org, Debian Security Team    
      
   Hi,   
      
   The following vulnerability was published for pypdf.   
      
   CVE-2026-27025[0]:   
   | pypdf is a free and open-source pure-python PDF library. Prior to   
   | 6.7.1, an attacker who uses this vulnerability can craft a PDF which   
   | leads to long runtimes and large memory consumption. This requires   
   | parsing the /ToUnicode entry of a font with unusually large values,   
   | for example during text extraction. This vulnerability is fixed in   
   | 6.7.1.   
      
      
   If you fix the vulnerability please also make sure to include the   
   CVE (Common Vulnerabilities & Exposures) id in your changelog entry.   
      
   For further information see:   
      
   [0] https://security-tracker.debian.org/tracker/CVE-2026-27025   
       https://www.cve.org/CVERecord?id=CVE-2026-27025   
   [1] https://github.com/py-pdf/pypdf/pull/3646   
   [2] https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3   
   [3] https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858   
   fa42666f73fc6e57a2   
      
   Please adjust the affected versions in the BTS as needed.   
      
   Regards,   
   Salvatore   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)

[ << oldest | < older | list | newer > | newest >> ]