There's a flaw in the pikepdf Python library's XMP metadata parsing functionality. An attacker who is able to submit a crafted PDF file to be processed by pikepdf could trigger an XML External Entity (XXE) injection. The highest threat of this flaw is to confidentiality of data.
This flaw does not affect any Red Hat shipped commercial products, as pikepdf is not currently shipped.
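A pre-parse check a service could run on XMP packets taken from untrusted PDFs, written with the Python standard library only; this is an added example, not pikepdf's code or its fix. The function name `scan_xmp`, both sample packets and the policy of rejecting any DTD (on the assumption that XMP, being plain RDF/XML, needs none) are assumptions.

```python
import xml.parsers.expat

# Constructed sample packets (not taken from any real PDF).
BENIGN_XMP = b"""<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/">
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
<rdf:Description rdf:about="" xmlns:pdf="http://ns.adobe.com/pdf/1.3/"
 pdf:Producer="constructed sample"/>
</rdf:RDF></x:xmpmeta>
<?xpacket end="w"?>"""

DTD_XMP = b"""<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?>
<!DOCTYPE x:xmpmeta [<!ENTITY ext SYSTEM "file:///constructed/placeholder">]>
<x:xmpmeta xmlns:x="adobe:ns:meta/">&ext;</x:xmpmeta>"""


class XmpDtdForbidden(ValueError):
    """An XMP packet declared a DTD or an entity."""


def scan_xmp(xmp_bytes):
    """Return (ok, reason). Nothing is resolved or fetched; the parser only
    reports declarations, and the handlers abort on the first one."""
    def deny_doctype(name, sysid, pubid, has_internal_subset):
        raise XmpDtdForbidden(f"DOCTYPE declared for {name!r}")

    def deny_entity(name, is_param, value, base, sysid, pubid, notation):
        raise XmpDtdForbidden(f"entity {name!r} declared (system id {sysid!r})")

    def deny_external(context, base, sysid, pubid):
        raise XmpDtdForbidden(f"external entity referenced: {sysid!r}")

    parser = xml.parsers.expat.ParserCreate()
    parser.StartDoctypeDeclHandler = deny_doctype
    parser.EntityDeclHandler = deny_entity
    parser.ExternalEntityRefHandler = deny_external
    try:
        parser.Parse(xmp_bytes, True)
    except XmpDtdForbidden as exc:
        return False, str(exc)
    except xml.parsers.expat.ExpatError as exc:
        return False, f"malformed XML: {exc}"
    return True, "no DTD or entity declarations"


if __name__ == "__main__":
    for label, packet in (("benign", BENIGN_XMP), ("dtd", DTD_XMP)):
        print(label, scan_xmp(packet))
```

A rejected packet is worth logging with the source of the PDF, since legitimate producers have no reason to emit a DTD in XMP.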