Description
Security update for python-PyPDF2
This update for python-PyPDF2 fixes the following issues:
Changes in python-PyPDF2:
- CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940)
- CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934)
- CVE-2025-55197: Fixed denial of service via crafted PDF (bsc#1248089)
- CVE-2026-27024: Fixed infinite loop when processing TreeObject (bsc#1258691)
- CVE-2026-27025: Fixed long runtimes/large memory usage for large /ToUnicode streams (bsc#1258692)
- CVE-2026-27026: Fixed long runtimes for malformed FlateDecode streams (bsc#1258693)
- Convert to pip-based build
Package list
openSUSE Leap 16.0
References
- SUSE Security Ratings
- SUSE Bug 1248089
- SUSE Bug 1258691
- SUSE Bug 1258692
- SUSE Bug 1258693
- SUSE Bug 1258934
- SUSE Bug 1258940
- SUSE CVE CVE-2025-55197 page
- SUSE CVE CVE-2026-27024 page
- SUSE CVE CVE-2026-27025 page
- SUSE CVE CVE-2026-27026 page
- SUSE CVE CVE-2026-27628 page
- SUSE CVE CVE-2026-27888 page
Description
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file.
Affected products
References
- CVE-2025-55197
- SUSE Bug 1248089
Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.
Affected products
References
- CVE-2026-27024
- SUSE Bug 1258691
Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.
Affected products
References
- CVE-2026-27025
- SUSE Bug 1258692
Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.
Affected products
References
- CVE-2026-27026
- SUSE Bug 1258693
Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.
Affected products
References
- CVE-2026-27628
- SUSE Bug 1258940
Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.
Affected products
References
- CVE-2026-27888
- SUSE Bug 1258934
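The CVE-2025-55197 and CVE-2026-27888 descriptions above both concern FlateDecode data that inflates far beyond its stored size. The following is an added example of the general mitigation, output-capped decompression applied to every layer of a filter chain; it is not pypdf's patch and not code from this advisory. The function names, the 1 MiB limit and the sample data are assumptions constructed for illustration.

```python
import zlib


class DecompressionLimitError(ValueError):
    """Inflated output would exceed the caller's cap."""


def bounded_inflate(data: bytes, max_output: int) -> bytes:
    """Inflate one FlateDecode (zlib) layer, never producing more than max_output bytes."""
    d = zlib.decompressobj()
    # Ask for one byte more than allowed: receiving it proves the cap was
    # exceeded, while the allocation stays bounded by max_output + 1.
    out = d.decompress(data, max_output + 1)
    if len(out) > max_output or d.unconsumed_tail:
        raise DecompressionLimitError(f"output exceeds {max_output} bytes")
    return out


def decode_flate_chain(data: bytes, layers: int, max_output: int) -> bytes:
    """Undo `layers` stacked FlateDecode filters, applying the cap at every stage."""
    for _ in range(layers):
        data = bounded_inflate(data, max_output)
    return data


def within_limit(data: bytes, layers: int, max_output: int) -> bool:
    """True if the whole chain decodes without any stage exceeding the cap."""
    try:
        decode_flate_chain(data, layers, max_output)
        return True
    except DecompressionLimitError:
        return False


# Constructed samples (not taken from any real PDF): each is compressed twice,
# standing in for a stream that declares two FlateDecode filters in series.
PAYLOAD = b"BT /F1 12 Tf (hello) Tj ET"
BENIGN = zlib.compress(zlib.compress(PAYLOAD))
OVERSIZED = zlib.compress(zlib.compress(bytes(8 * 1024 * 1024)))
LIMIT = 1024 * 1024  # assumed per-stream budget; tune to the documents you expect

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("oversized", OVERSIZED)):
        verdict = "ok" if within_limit(blob, 2, LIMIT) else "rejected"
        print(f"{name}: {len(blob)} stored bytes -> {verdict}")
```

The oversized sample passes the first layer and is rejected only at the second, which is why the cap has to be enforced per stage rather than on the stored size.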