Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package python-PyPDF2 for openSUSE:Factory checked in at 2026-03-12 22:22:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/python-PyPDF2 (Old) and /work/SRC/openSUSE:Factory/.python-PyPDF2.new.8177 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "python-PyPDF2"
Thu Mar 12 22:22:30 2026 rev:16 rq:1338482 version:2.11.1
Changes:
--------
--- /work/SRC/openSUSE:Factory/python-PyPDF2/python-PyPDF2.changes 2026-03-10 18:01:43.808374813 +0100
+++ /work/SRC/openSUSE:Factory/.python-PyPDF2.new.8177/python-PyPDF2.changes 2026-03-12 22:27:19.862777928 +0100
@@ -1,0 +2,6 @@
+Thu Mar 12 11:56:22 UTC 2026 - Daniel Garcia <[email protected]>
+
+- CVE-2026-31826: denial of service due to excessive memory consumption via crafted PDF, bsc#1259508
+ Add security patch: CVE-2026-31826.patch
+
+-------------------------------------------------------------------
New:
----
CVE-2026-31826.patch
----------(New B)----------
New:- CVE-2026-31826: denial of service due to excessive memory consumption via crafted PDF, bsc#1259508
Add security patch: CVE-2026-31826.patch
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ python-PyPDF2.spec ++++++
--- /var/tmp/diff_new_pack.Gc44uK/_old 2026-03-12 22:27:20.722813972 +0100
+++ /var/tmp/diff_new_pack.Gc44uK/_new 2026-03-12 22:27:20.722813972 +0100
@@ -39,6 +39,8 @@
 Patch5: CVE-2026-27888.patch
 # PATCH-FIX-UPSTREAM CVE-2026-28804.patch bsc#1259404
 Patch6: CVE-2026-28804.patch
+# PATCH-FIX-UPSTREAM CVE-2026-31826.patch bsc#1259508
+Patch7: CVE-2026-31826.patch
 BuildRequires: %{python_module pip}
 BuildRequires: %{python_module setuptools}
 BuildRequires: %{python_module wheel}
++++++ CVE-2026-31826.patch ++++++
Index: pypdf-2.11.1/PyPDF2/filters.py
===================================================================
--- pypdf-2.11.1.orig/PyPDF2/filters.py
+++ pypdf-2.11.1/PyPDF2/filters.py
@@ -62,6 +62,7 @@ from .constants import StreamAttributes
 from .errors import LimitReachedError, PdfReadError, PdfStreamError
 ZLIB_MAX_RECOVERY_INPUT_LENGTH = 5_000_000
+MAX_DECLARED_STREAM_LENGTH = 75_000_000
 # Reuse cached 1-byte values in the fallback loop to avoid per-byte allocations.
 _SINGLE_BYTES = tuple(bytes((i,)) for i in range(256))
Index: pypdf-2.11.1/PyPDF2/generic/_data_structures.py
===================================================================
--- pypdf-2.11.1.orig/PyPDF2/generic/_data_structures.py
+++ pypdf-2.11.1/PyPDF2/generic/_data_structures.py
@@ -54,7 +54,7 @@ from ..constants import OutlineFontFlag
 from ..constants import StreamAttributes as SA
 from ..constants import TypArguments as TA
 from ..constants import TypFitArguments as TF
-from ..errors import STREAM_TRUNCATED_PREMATURELY, PdfReadError, PdfStreamError
+from ..errors import STREAM_TRUNCATED_PREMATURELY, LimitReachedError, PdfReadError, PdfStreamError
 from ._base import (
 BooleanObject,
 FloatObject,
@@ -310,7 +310,16 @@ class DictionaryObject(dict, PdfObject):
 length = pdf.get_object(length)
 stream.seek(t, 0)
 pstart = stream.tell()
- data["__streamdata__"] = stream.read(length)
+ if length >= 0:
+ from ..filters import MAX_DECLARED_STREAM_LENGTH # noqa: PLC0415
+ if length > MAX_DECLARED_STREAM_LENGTH:
+ raise LimitReachedError(f"Declared stream length of {length} exceeds maximum allowed length.")
+
+ data["__streamdata__"] = stream.read(length)
+ else:
+ data["__streamdata__"] = read_until_regex(
+ stream, re.compile(b"endstream")
+ )
 e = read_non_whitespace(stream)
 ndstream = stream.read(8)
 if (e + ndstream) != b"endstream":
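Review bot: `MAX_DECLARED_STREAM_LENGTH` in `filters.py` is added without a comment, so a reader cannot tell what unit the value is in or where the limit is enforced. A comment such as `# Upper bound in bytes on a stream's declared /Length; larger values raise LimitReachedError when the stream is read.` would cover it. The check in `generic/_data_structures.py` imports the name from `filters` inside the function, so it appears to pick up the module attribute at call time; that is worth stating for deployments that legitimately handle larger streams.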
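Review bot: The new `length >= 0` comparison in `generic/_data_structures.py` runs on whatever `/Length` resolved to, and the context lines show no type check between `length = pdf.get_object(length)` and the comparison. If a crafted file makes that value non-numeric (for example an indirect reference to a missing or non-integer object; this is inferred, since the resolver is outside the hunk), the comparison or the later `stream.read(length)` raises a bare `TypeError` rather than one of the library's own errors that callers are likely to catch. A guard placed before the comparison keeps the failure inside those error types: `if not isinstance(length, int): raise PdfStreamError(f"Invalid stream /Length: {length!r}")`. The `else` branch also depends on `re` and `read_until_regex` already being imported in this module, which the patch does not show, and the enclosing method starts and ends outside the hunk.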
