ID CVE-2021-29421
Summary models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.
References
Vulnerable Configurations
  • cpe:2.3:a:pikepdf_project:pikepdf:1.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.6.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.7.0:-:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.10.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.10.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.10.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.10.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.10.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.11.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.11.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.11.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.12.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.13.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.14.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.15.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.15.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.16.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.16.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.17.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.17.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.17.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.17.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.18.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.19.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.19.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.19.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.19.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:1.19.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.0.0:beta2:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.2.3:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.2.4:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.2.5:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:pikepdf_project:pikepdf:2.9.2:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 03-12-2022 - 14:25)
Impact:
Exploitability:
CWE CWE-611
CAPEC
  • XML External Entities Blowup
    This attack takes advantage of the entity replacement property of XML where the value of the replacement is a URI. A well-crafted XML document could have the entity refer to a URI that consumes a large amount of resources to create a denial of service condition. This can cause the system to either freeze, crash, or execute arbitrary code depending on the URI.
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
Last major update 03-12-2022 - 14:25
Published 01-04-2021 - 20:15
Last modified 03-12-2022 - 14:25