{"affected":[{"ecosystem_specific":{"binaries":[{"python313-PyPDF2":"2.11.1-bp160.2.1"}]},"package":{"ecosystem":"openSUSE:Leap 16.0","name":"python-PyPDF2","purl":"pkg:rpm/opensuse/python-PyPDF2&distro=openSUSE%20Leap%2016.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2.11.1-bp160.2.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for python-PyPDF2 fixes the following issues:\n\nChanges in python-PyPDF2:\n\n- CVE-2026-27628: Fixed infinite loop when loading circular /Prev entries in cross-reference streams (bsc#1258940)\n- CVE-2026-27888: Fixed issue where manipulated FlateDecode XFA streams can exhaust RAM (bsc#1258934)\n- CVE-2025-55197: Fixed denial of service via craft PDF (bsc#1248089)\n- CVE-2026-27024: Fixed infinite loop when processing TreeObject (bsc#1258691)\n- CVE-2026-27025: Fixed long runtimes/large memory usage for large /ToUnicode streams (bsc#1258692)\n- CVE-2026-27026: Fixed long runtimes for malformed FlateDecode streams (bsc#1258693)\n\n- Convert to pip-based build\n","id":"openSUSE-SU-2026:20333-1","modified":"2026-03-06T21:01:39Z","published":"2026-03-06T21:01:39Z","references":[{"type":"ADVISORY","url":null},{"type":"REPORT","url":"https://bugzilla.suse.com/1248089"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258691"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258693"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258934"},{"type":"REPORT","url":"https://bugzilla.suse.com/1258940"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-55197"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27024"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27025"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27026"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27628"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2026-27888"}],"related":["CVE-2025-55197","CVE-2026-27024","CVE-2026-27025","CVE-2026-27026","CVE-2026-27628","CVE-2026-27888"],"summary":"Security update for python-PyPDF2","upstream":["CVE-2025-55197","CVE-2026-27024","CVE-2026-27025","CVE-2026-27026","CVE-2026-27628","CVE-2026-27888"]}