Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.
https://medium.com/@salbibar/solarlab-fa08dd16c70a?source=rss------cybersecurity-5
https://medium.com/@salbibar/solarlab-7f450cfbba8a?source=rss------hacking-5