openSUSE-SU-2026:20348-1

Опубликовано: 11 мар. 2026

Источник: suse-cvrf

Описание

Security update for python-PyPDF2

This update for python-PyPDF2 fixes the following issues:

Changes in python-PyPDF2:

CVE-2026-28804: Denial of Service via crafted PDF with ASCIIHexDecode filter (bsc#1259404)
Update sources with osc run download_files

Список пакетов

openSUSE Leap 16.0

python313-PyPDF2-2.11.1-bp160.3.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1259404
SUSE Bug 1259404
https://www.suse.com/security/cve/CVE-2026-28804/
SUSE CVE CVE-2026-28804 page

Описание

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.

Затронутые продукты

openSUSE Leap 16.0:python313-PyPDF2-2.11.1-bp160.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2026-28804.html
CVE-2026-28804
https://bugzilla.suse.com/1259404
SUSE Bug 1259404

openSUSE-SU-2026:20348-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2026-28804

Описание

Затронутые продукты

Ссылки