Description
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.
Mitigation
Minimal update. May introduce new vulnerabilities or breaking changes.
|
 debian 12 | | =3.17.4-1 || =3.4.1-1 || =3.4.1-1+deb12u1 || =4.0.0-1 || =4.0.0-1~exp1 || =4.0.1-1 || =4.0.2-1 || =4.1.0-1 || =4.2.0-1 || =4.3.1-1 || =5.4.0-1 || =6.9.0-1 || =6.9.2-1 | - |
debian 13 | | =5.4.0-1 || =6.9.0-1 || =6.9.2-1 | - |
debian 14 | | =5.4.0-1 || =6.9.0-1 || >=0 <6.9.2-1 | 6.9.2-1 |
 pypi | | | 6.9.1 |
debian 12 | | =2.12.1-3 || =2.12.1-3+deb12u1 || =2.12.1-4 | - |
debian 11 | | =1.26.0-4 || =1.26.0-4+deb11u1 || =1.27.12-1 || =1.27.9-1 || =2.0.0-1 || =2.10.0-1 || =2.10.2-1 || =2.10.3-1 || =2.10.4-1 || =2.10.5-1 || =2.10.7-1 || =2.10.9-1 || =2.11.0-1 || =2.11.1-1 || =2.11.2-1 || =2.12.1-1 || =2.12.1-2 || =2.12.1-3 || =2.12.1-4 || =2.4.1-1 || =2.4.2-1 || =2.6.0-1 || =2.8.1-1 || =2.9.0-1 | - |
