Nixpkgs Security Tracker

Suggestions search

With package: python313Packages.pypdf

Found 6 matching suggestions

updated 14 hours ago by @mweinelt. Activity log:
  • Created automatic suggestion
  • @mweinelt removed
    10 packages
    • capypdf
    • python312Packages.pypdf2
    • python312Packages.pypdf3
    • python313Packages.pypdf2
    • python313Packages.pypdf3
    • python314Packages.pypdf2
    • python314Packages.pypdf3
    • python312Packages.pypdfium2
    • python313Packages.pypdfium2
    • python314Packages.pypdfium2
  • @mweinelt accepted
  • @mweinelt published on GitHub
pypdf: Inefficient decoding of ASCIIHexDecode streams

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.

Affected products

pypdf
  • < 6.7.5

Matching in nixpkgs

Ignored packages (10)

Package maintainers

updated 4 days, 22 hours ago by @LeSuisse. Activity log:
  • Created automatic suggestion
  • @anthonyroussel removed
    4 packages
    • capypdf
    • python312Packages.pypdf3
    • python313Packages.pypdf3
    • python314Packages.pypdf3
  • @anthonyroussel added
    3 packages
    • python312Packages.pypdf3
    • python314Packages.pypdf3
    • python313Packages.pypdf3
  • @anthonyroussel removed
    3 packages
    • python314Packages.pypdfium2
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
Manipulated RunLengthDecode streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.

Affected products

pypdf
  • < 6.7.4

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Upstream advisory: https://github.com/kovidgoyal/calibre/security/advisories/GHSA-vhxc-r7v8-2xrw
Upstream patch: https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858
updated 1 week, 1 day ago by @LeSuisse. Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    7 packages
    • capypdf
    • python314Packages.pypdfium2
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
    • python313Packages.pypdf3
    • python314Packages.pypdf3
    • python312Packages.pypdf3
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.

Affected products

pypdf
  • < 6.7.3

Matching in nixpkgs

Ignored packages (7)

Package maintainers

Upstream advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj
Upstream patch: https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c
updated 1 week, 1 day ago by @LeSuisse. Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    7 packages
    • capypdf
    • python314Packages.pypdfium2
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
    • python314Packages.pypdf3
    • python313Packages.pypdf3
    • python312Packages.pypdf3
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.

Affected products

pypdf
  • < 6.7.2

Matching in nixpkgs

Ignored packages (7)

Package maintainers

Upstream advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35
Upstream patch: https://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f
updated 1 week, 2 days ago by @LeSuisse. Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    4 packages
    • capypdf
    • python312Packages.pypdfium2
    • python313Packages.pypdfium2
    • python314Packages.pypdfium2
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.

Affected products

pypdf
  • < 6.7.1

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Upstream advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
Upstream patch: https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
updated 1 week, 2 days ago by @LeSuisse. Activity log:
  • Created automatic suggestion
  • @LeSuisse removed
    4 packages
    • capypdf
    • python313Packages.pypdfium2
    • python312Packages.pypdfium2
    • python314Packages.pypdfium2
  • @LeSuisse accepted
  • @LeSuisse published on GitHub
pypdf has a possible infinite loop when processing TreeObject

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.

Affected products

pypdf
  • < 6.7.1

Matching in nixpkgs

Ignored packages (4)

Package maintainers

Upstream advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq
Upstream patch: https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295