6 matches found
π pypdf Memory Exhaustion / Denial of Service
pypdf versions prior to 6.7.3 were vulnerable to a denial of service condition caused by uncontrolled memory allocation during decompression of XFA streams. An attacker could craft a malicious PDF file containing a highly compressed stream using /FlateDecode...
01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2554 more potentially affected by CVE-2026-27888 via pypdf (>=3.10.0 <=6.7.2)
pypdf PYPI version =3.10.0, =0.0.5, =0.1.0, =0.0.1, =0.2.0, =0.4.0, =0.3.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =0.2.0, =1.2.27, =3.0.145 and more Source cves: CVE-2026-27888 Source advisory: OSV:GHSA-X7HP-R3QG-R3CJ...
01os (>=0.0.5 <=0.0.13), 3m (>=0.1.0 <=0.1.3) +2094 more potentially affected by CVE-2026-27888 via pypdf (>=6.0.0 <=6.7.2)
pypdf PYPI version =6.0.0, =0.0.5, =0.1.0, =0.0.1, =0.2.0, =0.4.0, =0.3.0, =0.3.0, =0.1.1, =0.1.0, =0.0.2, =0.2.0, =1.2.27, =0.1.0, =0.6.0, =0.7.3 and more Source cves: CVE-2026-27888 Source advisory: SNYK:PYTHON-PYPDF-15353400...
CVE-2026-27888
creationtimestamp| type| source ---|---|--- 2026-02-26 02:25:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mfq5e5qc2u2u 2026-02-26 20:40:19+00:00| seen| https://gist.github.com/alon710/46cb981f7572074584ce82b41bf22f76 2026-02-28 10:11:10+00:00| seen|...
CVE-2026-27888
CVE-2026-27888 affects the pypdf library (Python) prior to 6.7.3. The issue arises when an attacker crafts a PDF that causes RAM exhaustion by accessing the reader/writerβs xfa property and a compressed stream using FlateDecode, leading to high availability impact. The vulnerability does not disc...
CVE-2026-27888
pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the xfa property of a reader or writer and the corresponding stream being compressed using /FlateDecode...