Description
pypdf is a free and open-source pure-Python PDF library. Prior to version 6.7.5, an attacker can craft a PDF that causes long runtimes when it is processed. Triggering the issue requires accessing a stream that uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
debian 11 | =1.26.0-4, =1.26.0-4+deb11u1, =1.27.12-1, =1.27.9-1, =2.0.0-1, =2.10.0-1, =2.10.2-1, =2.10.3-1, =2.10.4-1, =2.10.5-1, =2.10.7-1, =2.10.9-1, =2.11.0-1, =2.11.1-1, =2.11.2-1, =2.12.1-1, =2.12.1-2, =2.12.1-3, =2.12.1-4, =2.4.1-1, =2.4.2-1, =2.6.0-1, =2.8.1-1, =2.9.0-1 | -
pypi | | 6.7.5
debian 12 | =2.12.1-3, =2.12.1-3+deb12u1, =2.12.1-4 | -
debian 12 | =3.17.4-1, =3.4.1-1, =3.4.1-1+deb12u1, =4.0.0-1, =4.0.0-1~exp1, =4.0.1-1, =4.0.2-1, =4.1.0-1, =4.2.0-1, =4.3.1-1, =5.4.0-1, =6.9.0-1, =6.9.2-1 | -
debian 13 | =5.4.0-1, =6.9.0-1, =6.9.2-1 | -
debian 14 | | 6.9.0-1
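
A triage check for the condition in the description, as an added example (not code from pypdf or from this advisory): it compares a PyPI-style pypdf version string with the patched release 6.7.5 and scans raw PDF bytes for the /ASCIIHexDecode filter name. The function names and the sample bytes are constructed for illustration; the `/AHx` inline-image alias and the `#xx` name escapes come from the PDF specification, not from the advisory.

```python
import re
from importlib import metadata

FIXED = (6, 7, 5)  # first patched pypdf release, per the advisory text

def parse_version(text):
    """Leading dotted-numeric part of a version string as a tuple of ints.
    Suffixes such as 'rc1' are ignored (a simplification of this example)."""
    m = re.match(r"\d+(?:\.\d+)*", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in m.group().split("."))

def is_patched(version_text):
    return parse_version(version_text) >= FIXED

def installed_pypdf_patched():
    """None if pypdf is not installed, else whether the installed release is patched."""
    try:
        return is_patched(metadata.version("pypdf"))
    except metadata.PackageNotFoundError:
        return None

# A PDF name is '/' followed by bytes that are neither whitespace nor delimiters.
_NAME = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")  # '#48' inside a name stands for 'H'

def references_asciihex(pdf_bytes):
    """True if the raw bytes contain the name /ASCIIHexDecode or its alias /AHx."""
    for m in _NAME.finditer(pdf_bytes):
        name = _ESC.sub(lambda e: bytes([int(e.group(1), 16)]), m.group(1))
        if name in (b"ASCIIHexDecode", b"AHx"):
            return True
    return False

def should_flag(pdf_bytes, pypdf_version):
    """Flag a file when it names the filter and the given pypdf release is unpatched."""
    return not is_patched(pypdf_version) and references_asciihex(pdf_bytes)

# Constructed sample object; the filter name is written with a '#48' escape for 'H'.
SAMPLE = (b"1 0 obj\n<< /Length 4 /Filter /ASCII#48exDecode >>\n"
          b"stream\n41 >\nendstream\nendobj\n")

if __name__ == "__main__":
    print("installed pypdf patched:", installed_pypdf_patched())
    print("sample flagged on 6.7.4:", should_flag(SAMPLE, "6.7.4"))
```

A raw byte scan cannot see filter names stored inside compressed object streams, so a negative result does not replace updating to 6.7.5.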