python-pikepdf

Link	package \| bugs open \| bugs closed \| Wiki \| GitHub \| web search
Description	Read and write PDFs with Python, powered by qpdf
Version	9.4.2-1 [extra]

Resolved

Group	Affected	Fixed	Severity	Status	Ticket
AVG-1761	2.9.2-1	2.10.0-1	Medium	Fixed

Issue	Group	Severity	Remote	Type	Description
CVE-2021-29421	AVG-1761	Medium	Yes	Xml external entity injection	models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XML external entity injection (XXE) when parsing XMP metadata entries.