mcalabkova/python-PyPDF2
SHA256
1
0
Fork 0
forked from pool/python-PyPDF2
Code Pull Requests Activity
Files
factory
python-PyPDF2/CVE-2026-27888.patch
Markéta Machová b44c2fba6f - Add security patches: 
* CVE-2026-27628.patch (bsc#1258940)
  * CVE-2026-27888.patch (bsc#1258934)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-PyPDF2?expand=0&rev=28
2026-03-03 15:47:49 +00:00

49 lines
1.6 KiB
Diff
Raw Permalink Blame History

From 7a4c8246ed48d9d328fb596942271da47b6d109c Mon Sep 17 00:00:00 2001
From: Stefan <96178532+stefan6419846@users.noreply.github.com>
Date: Tue, 24 Feb 2026 18:17:59 +0100
Subject: [PATCH] SEC: Use zlib decompression limit when retrieving XFA data
(#3658)
---
PyPDF2/_doc_common.py | 5 ++---
tests/test_doc_common.py | 31 ++++++++++++++++++++++++++++++-
2 files changed, 32 insertions(+), 4 deletions(-)
Index: PyPDF2-2.11.1/PyPDF2/_reader.py
===================================================================
--- PyPDF2-2.11.1.orig/PyPDF2/_reader.py
+++ PyPDF2-2.11.1/PyPDF2/_reader.py
@@ -30,7 +30,6 @@
import os
import re
import struct
-import zlib
from datetime import datetime
from io import BytesIO
from pathlib import Path
@@ -77,6 +76,7 @@ from .errors import (
PdfStreamError,
WrongPasswordError,
)
+from .filters import _decompress_with_limit
from .generic import (
ArrayObject,
ContentStream,
@@ -1920,7 +1920,6 @@ class PdfReader:
@property
def xfa(self) -> Optional[Dict[str, Any]]:
- tree: Optional[TreeObject] = None
retval: Dict[str, Any] = {}
catalog = cast(DictionaryObject, self.trailer[TK.ROOT])
@@ -1938,7 +1937,7 @@ class PdfReader:
if isinstance(f, IndirectObject):
field = cast(Optional[EncodedStreamObject], f.get_object())
if field:
- es = zlib.decompress(field._data)
+ es = _decompress_with_limit(field._data)
retval[tag] = es
return retval
View Git Blame Copy Permalink