Описание
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0.
A resource exhaustion flaw has been discovered in pypdf. An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-ocp-rag-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel8 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-minimal-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel8 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/de-supported-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel8 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-minimal-rhel9 | Fix deferred | ||
| Red Hat Ansible Automation Platform 2 | ansible-automation-platform-24/ee-supported-rhel8 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0.
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0.
pypdf is a free and open-source pure-python PDF library. Prior to vers ...
EPSS
5.3 Medium
CVSS3