Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
pypdf: Missing stream length values ignore defined limits
Vulnerability Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3.
CVSS Information
N/A
Vulnerability Type
未加控制的资源消耗(资源穷尽)
Vulnerability Title
py-pdf pypdf 资源管理错误漏洞
Vulnerability Description
py-pdf pypdf是py-pdf组织开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 py-pdf pypdf 6.13.3之前版本存在资源管理错误漏洞,该漏洞源于解析无/Length值的内容流时忽略MAX_DECLARED_STREAM_LENGTH,可能导致拒绝服务。
CVSS Information
N/A
Vulnerability Type
N/A