Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pypdf's Manipulated FlateDecode streams can exhaust RAM
Vulnerability Description
pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
pypdf 安全漏洞
Vulnerability Description
pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.0.0之前版本存在安全漏洞,该漏洞源于恶意PDF可能导致RAM耗尽,影响内容流访问。
CVSS Information
N/A
Vulnerability Type
N/A