Nixpkgs Security Tracker


Suggestions search

With package: python312Packages.pypdf3

Found 6 matching suggestions

Published
updated 4 days, 19 hours ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @anthonyroussel removed
    4 packages
    • capypdf
    • python312Packages.pypdf3
    • python313Packages.pypdf3
    • python314Packages.pypdf3
  • @anthonyroussel added
    3 packages
    • python312Packages.pypdf3
    • python314Packages.pypdf3
    • python313Packages.pypdf3
  • @anthonyroussel removed
    3 packages
    • python314Packages.pypdfium2
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Manipulated RunLengthDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.7.4, an attacker can craft a PDF that causes large memory usage when a content stream using the RunLengthDecode filter is parsed. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.

Affected products

pypdf
  • < 6.7.4

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Upstream advisory: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw
Upstream patch: https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858
Published
updated 1 week, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    4 packages
    • capypdf
    • python312Packages.pypdfium2
    • python313Packages.pypdfium2
    • python314Packages.pypdfium2
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.7.1, an attacker can craft a PDF that causes long runtimes and large memory consumption when the /ToUnicode entry of a font with unusually large values is parsed, for example during text extraction. This is fixed in 6.7.1.

Affected products

pypdf
  • < 6.7.1

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Upstream advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
Upstream patch: https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
Published
updated 1 week, 2 days ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    4 packages
    • capypdf
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
    • python314Packages.pypdfium2
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pypdf has a possible infinite loop when processing TreeObject

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.7.1, an attacker can craft a PDF that causes an infinite loop when the children of a TreeObject are accessed, for example as part of the outlines. This is fixed in 6.7.1.

Affected products

pypdf
  • < 6.7.1

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Upstream advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq
Upstream patch: https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295
Untriaged
created 2 weeks ago
pypdf possibly has long runtimes for malformed FlateDecode streams

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.7.1, an attacker can craft a PDF that causes long runtimes via a malformed /FlateDecode stream, where byte-by-byte decompression is used. This is fixed in 6.7.1.
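The RunLengthDecode and FlateDecode entries above share one failure mode: a small encoded stream that expands, or makes the decoder work, far beyond what the consumer budgeted for. The generic defence is to bound the decoded output and refuse the stream once the cap is hit. The block below is an added example written for this page; it is not pypdf's code and does not describe the upstream fixes. The names decode_run_length, decode_flate, bounded_decode and exceeds_cap, and the sample streams, are constructed here.

```python
"""Bounded decoding of PDF stream filters.

Added example, not pypdf's code and not a description of the upstream fixes.
Function names (decode_run_length, decode_flate, bounded_decode, exceeds_cap)
and the sample streams are constructed for this demo.
"""
import zlib


class DecodeLimitExceeded(Exception):
    """Raised when a filter would expand past the caller's output cap."""


def decode_run_length(data: bytes, max_output: int) -> bytes:
    """RunLengthDecode (PDF 32000-1 section 7.4.5) with an output cap.

    Each run starts with a length byte L:
      0..127   -> copy the next L + 1 bytes literally
      128      -> end of data
      129..255 -> repeat the next byte 257 - L times
    A two-byte run can expand to 128 bytes, so the cap is checked before
    every append rather than after decoding the whole stream.
    """
    out = bytearray()
    i, n = 0, len(data)
    while i < n:
        length = data[i]
        i += 1
        if length == 128:
            break
        if length < 128:
            chunk = data[i:i + length + 1]
            i += length + 1
        else:
            if i >= n:
                raise ValueError("RunLengthDecode: truncated repeat run")
            chunk = bytes([data[i]]) * (257 - length)
            i += 1
        if len(out) + len(chunk) > max_output:
            raise DecodeLimitExceeded(
                f"RunLengthDecode output would exceed {max_output} bytes")
        out += chunk
    return bytes(out)


def decode_flate(data: bytes, max_output: int) -> bytes:
    """FlateDecode (zlib) with an output cap.

    decompressobj().decompress(data, max_length) returns at most max_length
    bytes and parks unconsumed input in .unconsumed_tail. Asking for one byte
    more than the remaining budget detects overflow without materialising the
    full (possibly huge) output.
    """
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while True:
        room = max_output - len(out)
        out += d.decompress(buf, room + 1)
        if len(out) > max_output:
            raise DecodeLimitExceeded(
                f"FlateDecode output would exceed {max_output} bytes")
        buf = d.unconsumed_tail
        if not buf:
            return bytes(out)


FILTERS = {
    "/RunLengthDecode": decode_run_length,
    "/FlateDecode": decode_flate,
}


def bounded_decode(filter_name: str, data: bytes, max_output: int = 1 << 20) -> bytes:
    """Dispatch on the /Filter name; unknown filters are refused, not passed through."""
    try:
        decoder = FILTERS[filter_name]
    except KeyError:
        raise ValueError(f"unsupported filter {filter_name}") from None
    return decoder(data, max_output)


def exceeds_cap(filter_name: str, data: bytes, max_output: int) -> bool:
    """True if decoding `data` with `filter_name` would blow past `max_output`."""
    try:
        bounded_decode(filter_name, data, max_output)
    except DecodeLimitExceeded:
        return True
    return False


# Constructed samples: a literal run plus EOD, a 20-byte RunLength stream that
# expands to 1280 bytes, and a zlib stream that inflates to 1 MiB of zeros.
RL_LITERAL = b"\x02abc\x80"
RL_EXPANDING = b"\x81A" * 10
FLATE_BOMB = zlib.compress(b"\x00" * (1 << 20), 9)


if __name__ == "__main__":
    print(bounded_decode("/RunLengthDecode", RL_LITERAL, 16))
    print(len(bounded_decode("/RunLengthDecode", RL_EXPANDING, 2048)))
    for name, blob in (("/RunLengthDecode", RL_EXPANDING), ("/FlateDecode", FLATE_BOMB)):
        print(name, "refused at 1 KiB cap:", exceeds_cap(name, blob, 1024))
```

The cap is per decoded stream; a document can carry thousands of streams, so a real consumer also needs a document-wide budget and a wall-clock limit on the whole parse, which no per-filter check supplies.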

Affected products

pypdf
  • < 6.7.1

Matching in nixpkgs

Package maintainers

Untriaged
created 1 month, 1 week ago
pypdf has possible Infinite Loop when processing outlines/bookmarks

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.6.2, an attacker can craft a PDF that sends pypdf into an infinite loop when the outlines/bookmarks are accessed. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually.
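Both the TreeObject entry above and this outlines/bookmarks entry are traversals of attacker-controlled linked structures that can fail to terminate. The page does not say which malformed shape triggers the upstream loops; the added example below assumes one common shape, a /Next chain that points back at an earlier item, and shows the two guards a walker needs regardless of the exact trigger: a visited set and a hard node budget. This is not pypdf's code; the names walk_outlines, build_outlines and OutlineWalk, and the sample trees, are constructed here.

```python
"""Cycle-safe walk of a PDF outline (bookmark) tree.

Added example, not pypdf's code. The page does not state what input shape
triggers the upstream loops; this demo assumes a /Next link that points back
at an earlier item. Names (walk_outlines, build_outlines, OutlineWalk) and
the sample trees are constructed here.
"""
from typing import NamedTuple


class OutlineWalk(NamedTuple):
    titles: list          # titles in document order
    cycle_detected: bool  # an item was reached a second time
    truncated: bool       # max_items reached before the walk finished


def walk_outlines(outlines: dict, max_items: int = 10_000) -> OutlineWalk:
    """Depth-first walk over /First and /Next links (the PDF outline structure).

    Two guards keep a malformed tree from running forever: every item object is
    visited at most once (tracked by identity, since a cycle brings the same
    object round again), and the walk stops after max_items nodes even when no
    repeat is seen (a very long chain of distinct objects).
    """
    titles = []
    seen = set()
    parents = []
    cycle = truncated = False
    node = outlines.get("/First")
    while node is not None:
        if id(node) in seen:
            cycle = True
            break
        if len(seen) >= max_items:
            truncated = True
            break
        seen.add(id(node))
        titles.append(node.get("/Title", "<untitled>"))
        child = node.get("/First")
        if child is not None:
            parents.append(node)   # come back for this item's /Next later
            node = child
            continue
        nxt = node.get("/Next")
        while nxt is None and parents:
            nxt = parents.pop().get("/Next")
        node = nxt
    return OutlineWalk(titles, cycle, truncated)


def build_outlines(cyclic: bool) -> dict:
    """Constructed sample: /Outlines -> Chapter 1 (-> Section 1.1) -> Chapter 2.

    With cyclic=True, Chapter 2's /Next points back at Chapter 1, which is the
    assumed malformed shape: a naive "follow /Next until None" loop never ends.
    """
    section = {"/Title": "Section 1.1"}
    ch1 = {"/Title": "Chapter 1", "/First": section, "/Last": section}
    ch2 = {"/Title": "Chapter 2"}
    ch1["/Next"] = ch2
    ch2["/Prev"] = ch1
    if cyclic:
        ch2["/Next"] = ch1
    return {"/Type": "/Outlines", "/First": ch1, "/Last": ch2}


if __name__ == "__main__":
    print(walk_outlines(build_outlines(cyclic=False)))
    print(walk_outlines(build_outlines(cyclic=True)))
    print(walk_outlines(build_outlines(cyclic=True), max_items=2))
```

In a real parser the visited set should be keyed on the indirect object reference (object number and generation) rather than Python object identity, because resolving the same reference twice may yield two distinct Python objects; the node budget is what catches the case where every hop really is a fresh object.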

Affected products

pypdf
  • < 6.6.2

Matching in nixpkgs

Package maintainers

Untriaged
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created automatic suggestion
  • @LeSuisse removed
    3 packages
    • capypdf
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
pypdf manipulated LZWDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.4.0, an attacker can craft a PDF that consumes up to 1 GB of memory per stream when the content stream of a page using the LZWDecode filter is parsed. This issue has been patched in version 6.4.0.

Affected products

pypdf
  • < 6.4.0

Matching in nixpkgs

Package maintainers