python-pikepdf

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Read and write PDFs with Python, powered by qpdf
Version 9.4.2-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1761 2.9.2-1 2.10.0-1 Medium Fixed
Issue Group Severity Remote Type Description
CVE-2021-29421 AVG-1761 Medium Yes Xml external entity injection
models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XML external entity injection (XXE) when parsing XMP metadata entries.