CVE-2021-29421

Related Vulnerabilities: CVE-2021-29421  

Description

There's a flaw in the pikepdf Python library's XMP metadata parsing functionality. An attacker who is able to submit a crafted PDF file to be processed by pikepdf could trigger an XML External Entity (XXE) injection. The highest threat of this flaw is to confidentiality of data.
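
An added example, not pikepdf's code or its fix: a pre-parse check that rejects any XMP packet carrying a DOCTYPE, which removes the external-entity mechanism described above before a metadata parser sees the bytes. It assumes the caller has already extracted the raw XMP stream as bytes; the function names and both sample packets are constructed for illustration.

```python
import xml.parsers.expat


class ForbiddenXMPConstruct(ValueError):
    """Raised when an XMP packet declares a DTD."""


def _reject_doctype(name, sysid, pubid, has_internal_subset):
    # Entities (internal or external) can only be declared inside a DTD,
    # so refusing the DOCTYPE refuses every entity declaration with it.
    raise ForbiddenXMPConstruct(f"DOCTYPE {name!r} is not allowed in XMP")


def check_xmp_packet(xmp_bytes: bytes) -> None:
    """Parse the packet with expat; raise if it contains a DOCTYPE."""
    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = _reject_doctype
    parser.Parse(xmp_bytes, True)  # exceptions from handlers propagate


def is_safe_xmp(xmp_bytes: bytes) -> bool:
    """True only for well-formed XMP with no DTD; malformed input fails closed."""
    try:
        check_xmp_packet(xmp_bytes)
    except (ForbiddenXMPConstruct, xml.parsers.expat.ExpatError):
        return False
    return True


_NS = (b'xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
       b'xmlns:dc="http://purl.org/dc/elements/1.1/"')

# Constructed sample: ordinary XMP metadata, no DTD.
BENIGN = (b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF ' + _NS + b'>'
          b'<rdf:Description rdf:about=""><dc:format>application/pdf</dc:format>'
          b'</rdf:Description></rdf:RDF></x:xmpmeta>')

# Constructed sample: same packet with a DTD declaring an external entity.
# The SYSTEM identifier is a placeholder, not a real path.
CRAFTED = (b'<!DOCTYPE x [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>'
           b'<x:xmpmeta xmlns:x="adobe:ns:meta/"><rdf:RDF ' + _NS + b'>'
           b'<rdf:Description rdf:about=""><dc:format>&ext;</dc:format>'
           b'</rdf:Description></rdf:RDF></x:xmpmeta>')

if __name__ == "__main__":
    for label, packet in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, "accepted" if is_safe_xmp(packet) else "rejected")
```

Legitimate XMP has no need for a DTD, so rejecting the DOCTYPE outright costs nothing for well-formed metadata.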

Statement

This flaw does not affect any Red Hat shipped commercial products, as pikepdf is not currently shipped.

Additional Information

  • Bugzilla 1946269: CVE-2021-29421 pikepdf: XML external entity issue when parsing XMP metadata entries
  • CWE-611: Improper Restriction of XML External Entity Reference
  • FAQ: Frequently asked questions about CVE-2021-29421