Description
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 12 | | =3.17.4-1 || =3.4.1-1 || =3.4.1-1+deb12u1 || =4.0.0-1 || =4.0.0-1~exp1 || =4.0.1-1 || =4.0.2-1 || =4.1.0-1 || =4.2.0-1 || =4.3.1-1 || =5.4.0-1 || =6.9.0-1 || =6.9.2-1 | - |
debian 11 | | =1.26.0-4 || =1.26.0-4+deb11u1 || =1.27.12-1 || =1.27.9-1 || =2.0.0-1 || =2.10.0-1 || =2.10.2-1 || =2.10.3-1 || =2.10.4-1 || =2.10.5-1 || =2.10.7-1 || =2.10.9-1 || =2.11.0-1 || =2.11.1-1 || =2.11.2-1 || =2.12.1-1 || =2.12.1-2 || =2.12.1-3 || =2.12.1-4 || =2.4.1-1 || =2.4.2-1 || =2.6.0-1 || =2.8.1-1 || =2.9.0-1 | - |
debian 12 | | =2.12.1-3 || =2.12.1-3+deb12u1 || =2.12.1-4 | - |
 pypi | | | 6.10.0 |
debian 13 | | =5.4.0-1 || =6.9.0-1 || =6.9.2-1 | - |
debian 14 | | =5.4.0-1 || =6.9.0-1 || =6.9.2-1 | - |
