SB2026062219 - Multiple vulnerabilities in IBM Watson Discovery Cartridge
Published: June 22, 2026
Description
This security bulletin contains information about 3 vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2026-48155)
CWE-ID: CWE-400 - Resource exhaustion
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause excessive memory consumption.
The vulnerability exists due to uncontrolled resource consumption in the text extraction layout mode when processing a crafted PDF with large character offsets. A remote attacker can supply a specially crafted PDF to cause excessive memory consumption.
Exploitation requires text extraction to be performed in layout mode.
2) Excessive Iteration (CVE-ID: CVE-2026-48156)
CWE-ID: CWE-834 - Excessive Iteration
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to excessive iteration in cross-reference stream processing when parsing a crafted PDF file. A remote attacker can supply a PDF with zero-only width values and a large size value to cause a denial of service.
Exploitation requires cross-reference streams with /W [0 0 0] values and large /Size values.
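A triage check for the condition described in item 2, added here as an example and not taken from the bulletin or the vendor: it scans raw PDF bytes for cross-reference stream dictionaries that combine /W [0 0 0] with a /Size above a threshold. The function names and the MAX_XREF_SIZE threshold are assumptions, and the byte-level matching is a heuristic, not a full PDF parser.

```python
import re

# Assumed triage threshold; the bulletin gives no number for a "large" /Size.
MAX_XREF_SIZE = 1_000_000

XREF_TYPE = re.compile(rb"/Type\s*/XRef\b")
W_ARRAY = re.compile(rb"/W\s*\[\s*(\d{1,20})\s+(\d{1,20})\s+(\d{1,20})\s*\]")
SIZE = re.compile(rb"/Size\s+(\d{1,20})")


def xref_stream_headers(data: bytes):
    """Yield (offset, widths, size) for each cross-reference stream dictionary."""
    for m in XREF_TYPE.finditer(data):
        # The dictionary sits between the "N G obj" header and the "stream" keyword.
        start = max(data.rfind(b"obj", 0, m.start()), 0)
        end = data.find(b"stream", m.end())
        if end == -1:
            end = min(len(data), m.end() + 4096)
        header = data[start:end]
        w, size = W_ARRAY.search(header), SIZE.search(header)
        if w and size:
            yield m.start(), tuple(int(x) for x in w.groups()), int(size.group(1))


def suspicious_xref_streams(data: bytes, max_size: int = MAX_XREF_SIZE):
    """Return headers with all-zero /W and /Size above max_size."""
    return [
        {"offset": off, "widths": widths, "size": size}
        for off, widths, size in xref_stream_headers(data)
        if widths == (0, 0, 0) and size > max_size
    ]


# Constructed dictionary fragments for illustration (not complete PDF files).
BENIGN = b"7 0 obj\n<< /Type /XRef /Size 8 /W [1 2 1] /Length 32 >>\nstream\n"
FLAGGED = b"9 0 obj\n<</Size 2147483647/Type/XRef/W[0 0 0]/Length 0>>\nstream\n"

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("flagged", FLAGGED)):
        print(name, suspicious_xref_streams(sample))
```

A hit is a reason to hold the file back from the extraction pipeline until the update is installed; a clean result does not prove the file is safe.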
3) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2026-48735)
CWE-ID: CWE-770 - Allocation of Resources Without Limits or Throttling
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to cause excessive memory consumption.
The vulnerability exists due to allocation of resources without limits or throttling in the XMP metadata parser when parsing large XMP metadata streams in a PDF file. A remote attacker can supply a specially crafted PDF file to cause excessive memory consumption.
Remediation
Install the update from the vendor's website.