python311-PyPDF2-2.11.1-4.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2026:10238-1 Final 1 1 2026-02-23T00:00:00Z current 2026-02-23T00:00:00Z 2026-02-23T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z python311-PyPDF2-2.11.1-4.1 on GA media These are all security issues fixed in the python311-PyPDF2-2.11.1-4.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2026-10238 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-55197/ SUSE CVE CVE-2025-55197 page https://www.suse.com/security/cve/CVE-2026-27024/ SUSE CVE CVE-2026-27024 page https://www.suse.com/security/cve/CVE-2026-27025/ SUSE CVE CVE-2026-27025 page https://www.suse.com/security/cve/CVE-2026-27026/ SUSE CVE CVE-2026-27026 page openSUSE Tumbleweed python311-PyPDF2-2.11.1-4.1 python312-PyPDF2-2.11.1-4.1 python313-PyPDF2-2.11.1-4.1 python311-PyPDF2-2.11.1-4.1 as a component of openSUSE Tumbleweed python312-PyPDF2-2.11.1-4.1 as a component of openSUSE Tumbleweed python313-PyPDF2-2.11.1-4.1 as a component of openSUSE Tumbleweed pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in 6.0.0. If an update is not possible, a workaround involves including the fixed code from pypdf.filters.decompress into the existing filters file. CVE-2025-55197 openSUSE Tumbleweed:python311-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python312-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python313-PyPDF2-2.11.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-55197.html CVE-2025-55197 https://bugzilla.suse.com/1248089 SUSE Bug 1248089 pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1. CVE-2026-27024 openSUSE Tumbleweed:python311-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python312-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python313-PyPDF2-2.11.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-27024.html CVE-2026-27024 https://bugzilla.suse.com/1258691 SUSE Bug 1258691 pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1. CVE-2026-27025 openSUSE Tumbleweed:python311-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python312-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python313-PyPDF2-2.11.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-27025.html CVE-2026-27025 https://bugzilla.suse.com/1258692 SUSE Bug 1258692 pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1. CVE-2026-27026 openSUSE Tumbleweed:python311-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python312-PyPDF2-2.11.1-4.1 openSUSE Tumbleweed:python313-PyPDF2-2.11.1-4.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2026-27026.html CVE-2026-27026 https://bugzilla.suse.com/1258693 SUSE Bug 1258693