CVE-2021-29421

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29421

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29421.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29421

Aliases

Downstream

UBUNTU-CVE-2021-29421

openSUSE-SU-2024:11250-1

openSUSE-SU-2024:13864-1

Related

Published

2021-04-01T20:15:12Z

Modified

2025-08-26T06:30:57.110148Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

models/metadata.py in the pikepdf package 1.3.0 through 2.9.2 for Python allows XXE when parsing XMP metadata entries.

References

Affected packages

Debian:11 / pikepdf

Package

Name: pikepdf
Purl: pkg:deb/debian/pikepdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.3+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pikepdf

Package

Name: pikepdf
Purl: pkg:deb/debian/pikepdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.3+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pikepdf

Package

Name: pikepdf
Purl: pkg:deb/debian/pikepdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.3+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / pikepdf

Package

Name: pikepdf
Purl: pkg:deb/debian/pikepdf?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.17.3+dfsg-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/pikepdf/pikepdf

Affected ranges

Type: GIT
Repo: https://github.com/pikepdf/pikepdf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

3f38f73218e5e782fe411ccbb3b44a793c0b343a

Affected versions

v0.*

v0.1.0

v0.1.0.post1

v0.1.1

v0.1.10

v0.1.10rc1

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.10.0

v0.10.1

v0.10.2

v0.1rc1

v0.1rc2

v0.1rc3

v0.1rc4

v0.1rc5

v0.2.0

v0.2.1

v0.2.2

v0.3.0

v0.3.1

v0.3.2

v0.3.3

v0.3.4

v0.3.5

v0.3.6

v0.3.7

v0.3.7post2

v0.9.0

v0.9.1

v0.9.2

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.0.3

v1.0.4

v1.0.5

v1.1.0

v1.10.0

v1.10.1

v1.10.2

v1.10.3

v1.10.4

v1.11.0

v1.11.1

v1.11.2

v1.12.0

v1.13.0

v1.14.0

v1.15.0

v1.15.1

v1.16.0

v1.16.1

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.18.0

v1.19.0

v1.19.1

v1.19.2

v1.19.3

v1.2.0

v1.3.0

v1.3.1

v1.4.0

v1.5.0

v1.5.0.post0

v1.6.0

v1.6.1

v1.6.2

v1.6.3

v1.6.4

v1.6.5

v1.7.0

v1.7.0rc1

v1.7.0rc2

v1.7.1

v1.8.0

v1.8.1

v1.8.2

v1.8.3

v1.9.0

v2.*

v2.0.0

v2.0.0b1

v2.0.0b2

v2.1.0

v2.1.1

v2.1.2

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.3.0

v2.4.0

v2.5.0

v2.5.1

v2.5.2

v2.6.0

v2.7.0

v2.8.0

v2.8.0.post1

v2.8.0.post2

v2.9.0

v2.9.1

v2.9.2