Threats Tagged 'cwe-407'
View all threats tagged with 'cwe-407'. Filter and sort to focus on specific types of threats.
CVE-2026-49460: CWE-407: Inefficient Algorithmic Complexity in py-pdf pypdf
CVE-2026-49460 is a medium severity vulnerability in the pypdf library prior to version 6.12.2. It involves inefficient algorithmic complexity triggered by specially crafted PDF files that use the /FlateDecode filter with a PNG predictor, causing long runtimes during processing. This issue has been fixed in version 6.12.2.
CVE Database V5 | 06/22/2026, 20:28:16 UTC | Added: 06/22/2026, 20:54:13 UTC

CVE-2026-53539: CWE-400: Uncontrolled Resource Consumption in Kludex python-multipart
CVE-2026-53539 is a high-severity vulnerability in Kludex python-multipart prior to version 0.0.30. The issue arises when parsing application/x-www-form-urlencoded bodies that use semicolon (;) as a field separator without ampersands (&). The parser performs an inefficient scan for & on every field iteration, causing quadratic time complexity in CPU usage. This can lead to excessive CPU consumption and potential denial of service when processing crafted requests. The vulnerability is fixed in version 0.0.30.
CVE Database V5 | 06/22/2026, 16:55:42 UTC | Added: 06/22/2026, 17:39:38 UTC

CVE-2026-53550: CWE-407: Inefficient Algorithmic Complexity in nodeca js-yaml
js-yaml versions prior to 4.2.0 contain an inefficient algorithmic complexity vulnerability in merge-key processing. A crafted YAML document with repeated aliases in a merge sequence can cause quadratic CPU usage, leading to denial of service by blocking the Node.js event loop. This issue is fixed in version 4.2.0.
CVE Database V5 | 06/22/2026, 14:59:14 UTC | Added: 06/22/2026, 15:39:22 UTC

CVE-2026-49293: CWE-400: Uncontrolled Resource Consumption in sunnyadn js-toml
js-toml is a TOML parser for JavaScript, fully compliant with the TOML 1.0.0 Spec. Versions up to and including 1.1.0 parse hexadecimal / octal / binary integer literals via a hand-written `parseBigInt` loop that multiplies a `BigInt` accumulator by the radix once per input digit. Each iteration performs a `BigInt * BigInt` operation on an accumulator that grows linearly with the number of digits already consumed, so the whole loop is O(n²) in the literal length. The lexer regex places no upper bound on the literal length, so a single TOML document containing one ~500 kB hex literal pins one CPU core for ~40 seconds on a modern laptop (Apple M-series, Node v22). Memory amplification is bounded but CPU amplification is severe and grows quadratically: doubling the literal length quadruples the work. A caller that invokes `load()` on attacker-controlled TOML (configuration upload endpoints, CI/CD systems ingesting third-party `*.toml`, IDE plugins, build tools) is exposed to a single-request CPU exhaustion DoS. Version 1.1.1 fixes the issue.
CVE Database V5 | 06/19/2026, 18:14:20 UTC | Added: 06/19/2026, 18:37:16 UTC

Red Hat Security Advisory: .NET 6.0 security update
CVE-2024-43483
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
GCVE Database | 10/08/2024, 17:35:46 UTC | Added: 06/09/2026, 19:18:57 UTC

CVE-2024-43484: CWE-407: Inefficient Algorithmic Complexity in Microsoft .NET 6.0
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
GCVE Database | 10/08/2024, 17:35:46 UTC | Added: 06/09/2026, 19:18:57 UTC

CVE-2024-43485: CWE-407: Inefficient Algorithmic Complexity in Microsoft .NET 6.0
.NET and Visual Studio Denial of Service Vulnerability
GCVE Database | 10/08/2024, 17:35:47 UTC | Added: 06/09/2026, 19:18:57 UTC

CVE-2026-41850: CWE-407: Inefficient Algorithmic Complexity in Spring Spring Framework
Spring Framework versions 5.3.0 through 5.3.48, 6.1.0 through 6.1.27, 6.2.0 through 6.2.18, and 7.0.0 through 7.0.7 are vulnerable to an inefficient algorithmic complexity issue in the Spring Expression Language (SpEL) evaluation. This vulnerability allows an attacker to supply a crafted expression that causes excessive resource consumption, potentially leading to denial of service conditions. The vulnerability is identified as CWE-407 and has a CVSS 3.1 score of 7.5 (high severity). No official patch or remediation guidance is currently provided.
CVE Database V5 | 06/09/2026, 03:51:22 UTC | Added: 06/09/2026, 04:48:50 UTC

CVE-2026-3276: CWE-407 in Python Software Foundation CPython
unicodedata.normalize() can take excessive CPU time when processing specially crafted Unicode input containing long runs of combining characters with alternating Canonical Combining Class values. This affects all normalization forms.
CVE Database V5 | 06/03/2026, 14:29:39 UTC | Added: 06/03/2026, 15:48:54 UTC

rclone-1.74.3-1.1 on GA media
CVE-2026-27145
These are all security issues fixed in the rclone-1.74.3-1.1 package on the GA media of openSUSE Tumbleweed.
GCVE Database | 06/08/2026, 00:00:00 UTC | Added: 06/03/2026, 01:45:14 UTC

Showing 1 to 10 of 15 results