Search
Find a vulnerability
Search criteria
36 vulnerabilities by py-pdf
CVE-2026-57204 (GCVE-0-2026-57204)
Vulnerability from nvd – Published: 2026-06-30 21:59 – Updated: 2026-07-01 14:29
VLAI
Title
pypdf: Missing stream length values ignore defined limits
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/releases/tag/6.13.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-57204",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-07-01T13:57:13.824803Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-07-01T14:29:01.785Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.13.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-30T21:59:46.274Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jm82-fx9c-mx94",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jm82-fx9c-mx94"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.13.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.3"
}
],
"source": {
"advisory": "GHSA-jm82-fx9c-mx94",
"discovery": "UNKNOWN"
},
"title": "pypdf: Missing stream length values ignore defined limits"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-57204",
"datePublished": "2026-06-30T21:59:46.274Z",
"dateReserved": "2026-06-24T02:00:46.801Z",
"dateUpdated": "2026-07-01T14:29:01.785Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54651 (GCVE-0-2026-54651)
Vulnerability from nvd – Published: 2026-06-22 20:28 – Updated: 2026-06-23 12:10
VLAI
Title
pypdf: Possible infinite loop when processing threads/articles in writer
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3839 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.13.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54651",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T12:09:57.316922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T12:10:07.463Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.13.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T20:28:28.412Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-g9xf-7f8q-9mcj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-g9xf-7f8q-9mcj"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3839",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3839"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.13.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.1"
}
],
"source": {
"advisory": "GHSA-g9xf-7f8q-9mcj",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible infinite loop when processing threads/articles in writer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54651",
"datePublished": "2026-06-22T20:28:28.412Z",
"dateReserved": "2026-06-15T20:16:46.198Z",
"dateUpdated": "2026-06-23T12:10:07.463Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54531 (GCVE-0-2026-54531)
Vulnerability from nvd – Published: 2026-06-22 20:26 – Updated: 2026-06-23 16:11
VLAI
Title
pypdf: Possible infinite loop when processing outlines/bookmarks in writer
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3830 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.13.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54531",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:17:27.850481Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:11:53.472Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T20:26:19.756Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-m2v9-299j-rv96",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-m2v9-299j-rv96"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3830",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3830"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.13.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.0"
}
],
"source": {
"advisory": "GHSA-m2v9-299j-rv96",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible infinite loop when processing outlines/bookmarks in writer"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54531",
"datePublished": "2026-06-22T20:26:19.756Z",
"dateReserved": "2026-06-15T18:40:01.651Z",
"dateUpdated": "2026-06-23T16:11:53.472Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-54530 (GCVE-0-2026-54530)
Vulnerability from nvd – Published: 2026-06-22 20:25 – Updated: 2026-06-23 16:11
VLAI
Title
pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3830 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.13.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-54530",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:52:35.536228Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T16:11:37.526Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.13.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T20:25:29.305Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3830",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3830"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.13.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.13.0"
}
],
"source": {
"advisory": "GHSA-52x6-gq3r-vpf4",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-54530",
"datePublished": "2026-06-22T20:25:29.305Z",
"dateReserved": "2026-06-15T18:40:01.651Z",
"dateUpdated": "2026-06-23T16:11:37.526Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49461 (GCVE-0-2026-49461)
Vulnerability from nvd – Published: 2026-06-22 20:27 – Updated: 2026-06-23 15:54
VLAI
Title
pypdf: Possible large memory usage for form XObjects during text extraction
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3805 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.12.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49461",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T12:23:13.224222Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:54:54.860Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T20:27:16.174Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-j543-4vmf-qm7v",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-j543-4vmf-qm7v"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3805",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3805"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.12.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.12.2"
}
],
"source": {
"advisory": "GHSA-j543-4vmf-qm7v",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible large memory usage for form XObjects during text extraction"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-49461",
"datePublished": "2026-06-22T20:27:16.174Z",
"dateReserved": "2026-05-30T04:17:43.094Z",
"dateUpdated": "2026-06-23T15:54:54.860Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-49460 (GCVE-0-2026-49460)
Vulnerability from nvd – Published: 2026-06-22 20:28 – Updated: 2026-06-23 15:54
VLAI
Title
pypdf: Inefficient decoding of FlateDecode PNG predictor streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3806 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.12.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-49460",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-23T14:04:25.948226Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:54:39.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.12.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-22T20:28:16.413Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-5hgr-hg42-57jg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-5hgr-hg42-57jg"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3806",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3806"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.12.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.12.2"
}
],
"source": {
"advisory": "GHSA-5hgr-hg42-57jg",
"discovery": "UNKNOWN"
},
"title": "pypdf: Inefficient decoding of FlateDecode PNG predictor streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-49460",
"datePublished": "2026-06-22T20:28:16.413Z",
"dateReserved": "2026-05-30T02:43:33.107Z",
"dateUpdated": "2026-06-23T15:54:39.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48735 (GCVE-0-2026-48735)
Vulnerability from nvd – Published: 2026-05-28 14:49 – Updated: 2026-06-02 14:57
VLAI
Title
pypdf: Manipulated XMP metadata streams can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3796 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.12.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48735",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-02T14:56:55.997922Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-02T14:57:31.021Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.12.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:49:11.814Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjqc-6w8f-h24c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjqc-6w8f-h24c"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3796",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3796"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.12.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.12.1"
}
],
"source": {
"advisory": "GHSA-wjqc-6w8f-h24c",
"discovery": "UNKNOWN"
},
"title": "pypdf: Manipulated XMP metadata streams can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48735",
"datePublished": "2026-05-28T14:49:11.814Z",
"dateReserved": "2026-05-22T19:10:35.746Z",
"dateUpdated": "2026-06-02T14:57:31.021Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48156 (GCVE-0-2026-48156)
Vulnerability from nvd – Published: 2026-05-28 14:50 – Updated: 2026-05-30 02:08
VLAI
Title
pypdf: Possible long runtimes for zero-only width values in cross-reference streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-834 - Excessive Iteration
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3791 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.12.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48156",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-30T02:08:10.197722Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-30T02:08:20.806Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:50:41.829Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-248m-82v9-q6g6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-248m-82v9-q6g6"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3791",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3791"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.12.0"
}
],
"source": {
"advisory": "GHSA-248m-82v9-q6g6",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible long runtimes for zero-only width values in cross-reference streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48156",
"datePublished": "2026-05-28T14:50:41.829Z",
"dateReserved": "2026-05-20T23:12:43.031Z",
"dateUpdated": "2026-05-30T02:08:20.806Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-48155 (GCVE-0-2026-48155)
Vulnerability from nvd – Published: 2026-05-28 14:51 – Updated: 2026-05-28 15:57
VLAI
Title
pypdf: Possible large memory usage for large offsets for layout mode text
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3790 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.12.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-48155",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-28T15:57:44.616233Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T15:57:54.367Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.12.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-28T14:51:49.411Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-cj93-chg6-vgv8",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-cj93-chg6-vgv8"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3790",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3790"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.12.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.12.0"
}
],
"source": {
"advisory": "GHSA-cj93-chg6-vgv8",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible large memory usage for large offsets for layout mode text"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-48155",
"datePublished": "2026-05-28T14:51:49.411Z",
"dateReserved": "2026-05-20T23:12:43.031Z",
"dateUpdated": "2026-05-28T15:57:54.367Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41314 (GCVE-0-2026-41314)
Vulnerability from nvd – Published: 2026-04-22 21:08 – Updated: 2026-04-23 14:21
VLAI
Title
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3734 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/ac734dab4e… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.10.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41314",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T14:21:23.056055Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T14:21:47.589Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T21:08:14.700Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3734",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3734"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2"
}
],
"source": {
"advisory": "GHSA-x284-j5p8-9c5p",
"discovery": "UNKNOWN"
},
"title": "pypdf: Manipulated FlateDecode image dimensions can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41314",
"datePublished": "2026-04-22T21:08:14.700Z",
"dateReserved": "2026-04-20T14:01:46.671Z",
"dateUpdated": "2026-04-23T14:21:47.589Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41313 (GCVE-0-2026-41313)
Vulnerability from nvd – Published: 2026-04-22 21:04 – Updated: 2026-04-23 16:24
VLAI
Title
pypdf: Possible long runtimes for wrong size values in incremental mode
Summary
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-834 - Excessive Iteration
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3735 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/c50a0104cf… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.10.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41313",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:42:06.228654Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:24:39.932Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T21:04:59.877Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4pxv-j86v-mhcw"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3735",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3735"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/c50a0104cf083356f7c7f5d61410466a57f5c88a"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2"
}
],
"source": {
"advisory": "GHSA-4pxv-j86v-mhcw",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible long runtimes for wrong size values in incremental mode"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41313",
"datePublished": "2026-04-22T21:04:59.877Z",
"dateReserved": "2026-04-20T14:01:46.671Z",
"dateUpdated": "2026-04-23T16:24:39.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41312 (GCVE-0-2026-41312)
Vulnerability from nvd – Published: 2026-04-22 21:02 – Updated: 2026-04-23 13:45
VLAI
Title
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3734 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/ac734dab4e… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.10.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41312",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:45:18.970091Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T13:45:30.296Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.10.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T21:04:22.958Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3734",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3734"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2"
}
],
"source": {
"advisory": "GHSA-7gw9-cf7v-778f",
"discovery": "UNKNOWN"
},
"title": "pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41312",
"datePublished": "2026-04-22T21:02:53.156Z",
"dateReserved": "2026-04-20T14:01:46.671Z",
"dateUpdated": "2026-04-23T13:45:30.296Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-41168 (GCVE-0-2026-41168)
Vulnerability from nvd – Published: 2026-04-22 20:49 – Updated: 2026-04-23 16:24
VLAI
Title
pypdf has possible long runtimes for wrong size values in cross-reference and object streams
Summary
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This has been fixed in pypdf 6.10.1. As a workaround, one may apply the changes from the patch manually.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-834 - Excessive Iteration
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3733 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/62338e9d36… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.10.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-41168",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-23T13:41:24.058142Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-23T16:24:48.712Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.10.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This has been fixed in pypdf 6.10.1. As a workaround, one may apply the changes from the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T20:49:10.401Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jj6c-8h6c-hppx"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3733",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3733"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/62338e9d36419cf193ccec7331784f45df1d70b3"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.1"
}
],
"source": {
"advisory": "GHSA-jj6c-8h6c-hppx",
"discovery": "UNKNOWN"
},
"title": "pypdf has possible long runtimes for wrong size values in cross-reference and object streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-41168",
"datePublished": "2026-04-22T20:49:10.401Z",
"dateReserved": "2026-04-17T16:34:45.525Z",
"dateUpdated": "2026-04-23T16:24:48.712Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-40260 (GCVE-0-2026-40260)
Vulnerability from nvd – Published: 2026-04-16 23:18 – Updated: 2026-04-17 18:42
VLAI
Title
pypdf: Manipulated XMP metadata entity declarations can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-776 - Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3724 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/b15a374e5c… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.10.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-40260",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-17T18:41:50.866889Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-17T18:42:05.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.10.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-776",
"description": "CWE-776: Improper Restriction of Recursive Entity References in DTDs (\u0027XML Entity Expansion\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-16T23:18:26.687Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-3crg-w4f6-42mx"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3724",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3724"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/b15a374e5ca648d4878e57c3b2c0551e7f8cc7f8"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.0"
}
],
"source": {
"advisory": "GHSA-3crg-w4f6-42mx",
"discovery": "UNKNOWN"
},
"title": "pypdf: Manipulated XMP metadata entity declarations can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-40260",
"datePublished": "2026-04-16T23:18:26.687Z",
"dateReserved": "2026-04-10T17:31:45.787Z",
"dateUpdated": "2026-04-17T18:42:05.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33699 (GCVE-0-2026-33699)
Vulnerability from nvd – Published: 2026-03-26 23:58 – Updated: 2026-03-27 19:59
VLAI
Title
pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Summary
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3693 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.9.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33699",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-27T13:27:07.800115Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-27T19:59:39.751Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.9.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 4.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-26T23:58:42.776Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3693",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3693"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.9.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.9.2"
}
],
"source": {
"advisory": "GHSA-87mj-5ggw-8qc3",
"discovery": "UNKNOWN"
},
"title": "pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33699",
"datePublished": "2026-03-26T23:58:42.776Z",
"dateReserved": "2026-03-23T17:06:05.746Z",
"dateUpdated": "2026-03-27T19:59:39.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-33123 (GCVE-0-2026-33123)
Vulnerability from nvd – Published: 2026-03-20 09:09 – Updated: 2026-03-20 18:07
VLAI
Title
pypdf has inefficient decoding of array-based streams
Summary
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3686 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.9.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-33123",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-20T16:03:57.586173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T18:07:16.458Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.9.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-20T09:09:12.831Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3686",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3686"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.9.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.9.1"
}
],
"source": {
"advisory": "GHSA-qpxp-75px-xjcp",
"discovery": "UNKNOWN"
},
"title": "pypdf has inefficient decoding of array-based streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-33123",
"datePublished": "2026-03-20T09:09:12.831Z",
"dateReserved": "2026-03-17T20:35:49.926Z",
"dateUpdated": "2026-03-20T18:07:16.458Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-31826 (GCVE-0-2026-31826)
Vulnerability from nvd – Published: 2026-03-10 21:36 – Updated: 2026-03-11 15:59
VLAI
Title
pypdf: manipulated stream length values can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3675 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.8.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-31826",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-11T15:51:55.234665Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-11T15:59:26.902Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.8.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "PASSIVE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T21:36:52.186Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3675",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3675"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.8.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.8.0"
}
],
"source": {
"advisory": "GHSA-hqmh-ppp3-xvm7",
"discovery": "UNKNOWN"
},
"title": "pypdf: manipulated stream length values can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-31826",
"datePublished": "2026-03-10T21:36:52.186Z",
"dateReserved": "2026-03-09T17:41:56.077Z",
"dateUpdated": "2026-03-11T15:59:26.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28804 (GCVE-0-2026-28804)
Vulnerability from nvd – Published: 2026-03-06 06:46 – Updated: 2026-03-06 16:05
VLAI
Title
pypdf: Inefficient decoding of ASCIIHexDecode streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-407 - Inefficient Algorithmic Complexity
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3666 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/648c627d26… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.7.5 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-06T15:59:59.320844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T16:05:28.630Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-407",
"description": "CWE-407: Inefficient Algorithmic Complexity",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-06T06:46:28.890Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3666",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3666"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.5",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.5"
}
],
"source": {
"advisory": "GHSA-9m86-7pmv-2852",
"discovery": "UNKNOWN"
},
"title": "pypdf: Inefficient decoding of ASCIIHexDecode streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28804",
"datePublished": "2026-03-06T06:46:28.890Z",
"dateReserved": "2026-03-03T14:25:19.246Z",
"dateUpdated": "2026-03-06T16:05:28.630Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-28351 (GCVE-0-2026-28351)
Vulnerability from nvd – Published: 2026-02-27 20:59 – Updated: 2026-03-03 20:28
VLAI
Title
Manipulated RunLengthDecode streams can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3664 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/f309c60037… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.7.4 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-28351",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-03T20:28:37.910844Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-03T20:28:45.592Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.4"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T20:59:16.839Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3664",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3664"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.4",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.4"
}
],
"source": {
"advisory": "GHSA-f2v5-7jq9-h8cg",
"discovery": "UNKNOWN"
},
"title": "Manipulated RunLengthDecode streams can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-28351",
"datePublished": "2026-02-27T20:59:16.839Z",
"dateReserved": "2026-02-26T18:38:13.890Z",
"dateUpdated": "2026-03-03T20:28:45.592Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27888 (GCVE-0-2026-27888)
Vulnerability from nvd – Published: 2026-02-26 00:42 – Updated: 2026-06-23 15:49
VLAI
Title
pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3658 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/7a4c8246ed… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.7.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27888",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-26T16:15:44.619815Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-23T15:49:46.210Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-26T00:42:00.542Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3658",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3658"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.3"
}
],
"source": {
"advisory": "GHSA-x7hp-r3qg-r3cj",
"discovery": "UNKNOWN"
},
"title": "pypdf: Manipulated FlateDecode XFA streams can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27888",
"datePublished": "2026-02-26T00:42:00.542Z",
"dateReserved": "2026-02-24T15:19:29.716Z",
"dateUpdated": "2026-06-23T15:49:46.210Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27628 (GCVE-0-2026-27628)
Vulnerability from nvd – Published: 2026-02-25 02:45 – Updated: 2026-02-27 19:49
VLAI
Title
pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.
Severity
SSVC
Exploitation: poc
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/issues/3654 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/f0a462d369… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27628",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-25T15:58:27.836793Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-25T15:58:33.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/py-pdf/pypdf/issues/3654"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 1.2,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "ACTIVE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-27T19:49:02.019Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"
},
{
"name": "https://github.com/py-pdf/pypdf/issues/3654",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/issues/3654"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d"
}
],
"source": {
"advisory": "GHSA-2rw7-x74f-jg35",
"discovery": "UNKNOWN"
},
"title": "pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27628",
"datePublished": "2026-02-25T02:45:37.543Z",
"dateReserved": "2026-02-20T22:02:30.027Z",
"dateUpdated": "2026-02-27T19:49:02.019Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27026 (GCVE-0-2026-27026)
Vulnerability from nvd – Published: 2026-02-20 21:12 – Updated: 2026-02-24 18:47
VLAI
Title
pypdf possibly has long runtimes for malformed FlateDecode streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-770 - Allocation of Resources Without Limits or Throttling
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3644 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/7905842d83… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.7.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27026",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:46:44.502341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:47:02.304Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-770",
"description": "CWE-770: Allocation of Resources Without Limits or Throttling",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T21:12:33.537Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3644",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3644"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.1"
}
],
"source": {
"advisory": "GHSA-9mvc-8737-8j8h",
"discovery": "UNKNOWN"
},
"title": "pypdf possibly has long runtimes for malformed FlateDecode streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27026",
"datePublished": "2026-02-20T21:12:33.537Z",
"dateReserved": "2026-02-17T03:08:23.491Z",
"dateUpdated": "2026-02-24T18:47:02.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27025 (GCVE-0-2026-27025)
Vulnerability from nvd – Published: 2026-02-20 21:11 – Updated: 2026-02-24 18:40
VLAI
Title
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-834 - Excessive Iteration
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3646 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/77d7b8d7cf… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.7.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27025",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:39:43.799501Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:40:02.655Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T21:11:20.441Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3646",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3646"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.1"
}
],
"source": {
"advisory": "GHSA-wgvp-vg3v-2xq3",
"discovery": "UNKNOWN"
},
"title": "pypdf has possible long runtimes/large memory usage for large /ToUnicode streams"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27025",
"datePublished": "2026-02-20T21:11:20.441Z",
"dateReserved": "2026-02-17T03:08:23.490Z",
"dateUpdated": "2026-02-24T18:40:02.655Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-27024 (GCVE-0-2026-27024)
Vulnerability from nvd – Published: 2026-02-20 21:10 – Updated: 2026-02-24 18:34
VLAI
Title
pypdf has a possible infinite loop when processing TreeObject
Summary
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3645 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/bd2f6d052f… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.7.1 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-27024",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-24T18:34:14.751487Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-24T18:34:30.680Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.7.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-20T21:10:07.864Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3645",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3645"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.7.1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.7.1"
}
],
"source": {
"advisory": "GHSA-996q-pr4m-cvgq",
"discovery": "UNKNOWN"
},
"title": "pypdf has a possible infinite loop when processing TreeObject"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-27024",
"datePublished": "2026-02-20T21:10:07.864Z",
"dateReserved": "2026-02-17T03:08:23.490Z",
"dateUpdated": "2026-02-24T18:34:30.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-24688 (GCVE-0-2026-24688)
Vulnerability from nvd – Published: 2026-01-27 19:44 – Updated: 2026-01-27 20:51
VLAI
Title
pypdf has possible Infinite Loop when processing outlines/bookmarks
Summary
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually.
Severity
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3610 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/b1282f8dcd… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.6.2 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-24688",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-27T20:35:51.227753Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T20:51:48.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "LOCAL",
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-835",
"description": "CWE-835: Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-27T19:44:06.173Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3610",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3610"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.6.2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.6.2"
}
],
"source": {
"advisory": "GHSA-2q4j-m29v-hq73",
"discovery": "UNKNOWN"
},
"title": "pypdf has possible Infinite Loop when processing outlines/bookmarks"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-24688",
"datePublished": "2026-01-27T19:44:06.173Z",
"dateReserved": "2026-01-23T20:40:23.389Z",
"dateUpdated": "2026-01-27T20:51:48.030Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22691 (GCVE-0-2026-22691)
Vulnerability from nvd – Published: 2026-01-10 04:46 – Updated: 2026-01-12 16:48
VLAI
Title
pypdf has possible long runtimes for malformed startxref
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3594 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/294165726b… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.6.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22691",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T16:48:45.352870Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T16:48:53.503Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1333",
"description": "CWE-1333: Inefficient Regular Expression Complexity",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T04:46:12.423Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3594",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3594"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.6.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.6.0"
}
],
"source": {
"advisory": "GHSA-4f6g-68pf-7vhv",
"discovery": "UNKNOWN"
},
"title": "pypdf has possible long runtimes for malformed startxref"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22691",
"datePublished": "2026-01-10T04:46:12.423Z",
"dateReserved": "2026-01-08T19:23:09.855Z",
"dateUpdated": "2026-01-12T16:48:53.503Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-22690 (GCVE-0-2026-22690)
Vulnerability from nvd – Published: 2026-01-10 04:41 – Updated: 2026-01-12 17:07
VLAI
Title
pypdf has possible long runtimes for missing /Root object with large /Size values
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3594 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/294165726b… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.6.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-22690",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-01-12T17:06:53.596988Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-01-12T17:07:00.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.6.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 2.7,
"baseSeverity": "LOW",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-01-10T04:41:20.773Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3594",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3594"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.6.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.6.0"
}
],
"source": {
"advisory": "GHSA-4xc4-762w-m6cg",
"discovery": "UNKNOWN"
},
"title": "pypdf has possible long runtimes for missing /Root object with large /Size values"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-22690",
"datePublished": "2026-01-10T04:41:20.773Z",
"dateReserved": "2026-01-08T19:23:09.854Z",
"dateUpdated": "2026-01-12T17:07:00.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-66019 (GCVE-0-2025-66019)
Vulnerability from nvd – Published: 2025-11-25 23:38 – Updated: 2026-01-20 18:33
VLAI
Title
pypdf manipulated LZWDecode streams can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/commit/96186725e5… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.4.0 | x_refsource_MISC |
| https://aydinnyunus.github.io/2025/12/20/cve-2025… |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-66019",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-26T16:12:41.650530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T16:12:49.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2026-01-20T18:33:02.928Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://aydinnyunus.github.io/2025/12/20/cve-2025-66019-pypdf-lzw-dos/"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This issue has been patched in version 6.4.0."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T23:38:12.473Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.4.0",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.4.0"
}
],
"source": {
"advisory": "GHSA-m449-cwjh-6pw7",
"discovery": "UNKNOWN"
},
"title": "pypdf manipulated LZWDecode streams can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-66019",
"datePublished": "2025-11-25T23:38:12.473Z",
"dateReserved": "2025-11-21T01:08:02.613Z",
"dateUpdated": "2026-01-20T18:33:02.928Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-62708 (GCVE-0-2025-62708)
Vulnerability from nvd – Published: 2025-10-22 21:36 – Updated: 2025-10-23 15:10
VLAI
Title
pypdf manipulated LZWDecode streams can exhaust RAM
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3502 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/e51d07807f… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.1.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62708",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:10:16.712325Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:10:58.953Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T21:36:56.788Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3502",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3502"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.1.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.1.3"
}
],
"source": {
"advisory": "GHSA-jfx9-29x2-rv3j",
"discovery": "UNKNOWN"
},
"title": "pypdf manipulated LZWDecode streams can exhaust RAM"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62708",
"datePublished": "2025-10-22T21:36:56.788Z",
"dateReserved": "2025-10-20T19:41:22.739Z",
"dateUpdated": "2025-10-23T15:10:58.953Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-62707 (GCVE-0-2025-62707)
Vulnerability from nvd – Published: 2025-10-22 21:36 – Updated: 2025-10-23 15:41
VLAI
Title
pypdf affected by possible infinite loop when reading DCT inline images without EOF marker
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.
Severity
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-834 - Excessive Iteration
Assigner
References
4 references
| URL | Tags |
|---|---|
| https://github.com/py-pdf/pypdf/security/advisori… | x_refsource_CONFIRM |
| https://github.com/py-pdf/pypdf/pull/3501 | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/commit/f2864d6dd9… | x_refsource_MISC |
| https://github.com/py-pdf/pypdf/releases/tag/6.1.3 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-62707",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-23T15:41:24.281982Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-23T15:41:41.081Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "pypdf",
"vendor": "py-pdf",
"versions": [
{
"status": "affected",
"version": "\u003c 6.1.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3."
}
],
"metrics": [
{
"cvssV4_0": {
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"privilegesRequired": "NONE",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "NONE",
"vulnIntegrityImpact": "NONE"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-834",
"description": "CWE-834: Excessive Iteration",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-22T21:36:32.754Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265"
},
{
"name": "https://github.com/py-pdf/pypdf/pull/3501",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/pull/3501"
},
{
"name": "https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8"
},
{
"name": "https://github.com/py-pdf/pypdf/releases/tag/6.1.3",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/py-pdf/pypdf/releases/tag/6.1.3"
}
],
"source": {
"advisory": "GHSA-vr63-x8vc-m265",
"discovery": "UNKNOWN"
},
"title": "pypdf affected by possible infinite loop when reading DCT inline images without EOF marker"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-62707",
"datePublished": "2025-10-22T21:36:32.754Z",
"dateReserved": "2025-10-20T19:41:22.739Z",
"dateUpdated": "2025-10-23T15:41:41.081Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}