Source: xhtml2pdf
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerability was published for xhtml2pdf.

CVE-2024-25885[0]:
| An issue in the getcolor function in utils.py of xhtml2pdf v0.2.13
| allows attackers to cause a Regular expression Denial of Service
| (ReDOS) via supplying a crafted string.

This apparently hasn't been forwarded upstream yet:
https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-25885
    https://www.cve.org/CVERecord?id=CVE-2024-25885

Please adjust the affected versions in the BTS as needed.