pikepdf before 2.10.0 allows an XML external entity (XXE) attack against PDF XMP metadata parsing.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | pikepdf | < 6.0.0+dfsg-1 | pikepdf_6.0.0+dfsg-1_all.deb |
Debian | 11 | all | pikepdf | <= 1.17.3+dfsg-5 | pikepdf_1.17.3+dfsg-5_all.deb |
Debian | 10 | all | pikepdf | <= 1.0.5+dfsg-3~deb10u1 | pikepdf_1.0.5+dfsg-3~deb10u1_all.deb |
Debian | 999 | all | pikepdf | < 6.0.0+dfsg-1 | pikepdf_6.0.0+dfsg-1_all.deb |