Openshift-Lightspeed-Tech-Preview Lightspeed-Rag-Tool-Rhel9 vulnerabilities

5 known vulnerabilities affecting openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9.

Total CVEs: 5
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 5

Vulnerabilities

CVE-2026-41314 | MEDIUM | CVSS 4.8 | 2026-04-22
CWE-770. pypdf: python: pypdf: Denial of Service via crafted PDF with large image sizes
A flaw was found in pypdf, a pure-Python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that accesses an image using `/FlateDecode` with large size values. This can lead to memory exhaustion, resulting in a Denial of Service (DoS) for the system processing the PDF.
redhat
CVE-2026-41168 | MEDIUM | CVSS 6.9 | 2026-04-22
CWE-1284. pypdf: pypdf: Denial of Service via crafted PDF with oversized streams
A flaw was found in pypdf. An attacker can craft a malicious PDF file containing oversized cross-reference streams or object streams. Processing such a file can lead to excessively long runtimes, resulting in a Denial of Service (DoS) for applications using the pypdf library. Mitigation: Mitigation for this issue is eithe
redhat
CVE-2026-41312 | MEDIUM | CVSS 4.8 | 2026-04-22
CWE-770. pypdf: pypdf: Denial of Service due to excessive memory consumption via specially crafted PDF
A flaw was found in pypdf. An attacker can craft a malicious PDF file containing a specially compressed stream. When this file is processed, it can lead to excessive memory consumption (RAM exhaustion), resulting in a Denial of Service (DoS) for the affected system. Mitigation:
redhat
CVE-2026-41313 | MEDIUM | CVSS 4.8 | 2026-04-22
CWE-1284. pypdf: pypdf: Denial of Service via crafted PDF with large trailer /Size value
A flaw was found in pypdf. An attacker can craft a malicious PDF file with a large trailer `/Size` value. When this PDF is loaded in incremental mode, it can lead to excessively long processing times, resulting in a Denial of Service (DoS) for the application or system processing the file. Mitigation: Miti
redhat
CVE-2026-28684 | MEDIUM | CVSS 6.6 | 2026-04-20
CWE-59. python-dotenv: python-dotenv: Arbitrary file overwrite via symbolic link following
A flaw was found in python-dotenv. A local attacker can exploit this by crafting a symbolic link, which the `set_key()` and `unset_key()` functions in python-dotenv follow when rewriting `.env` files. This can lead to the overwriting of arbitrary files on the system. Mitigation: Mitigation for this i
redhat