3 matches found
pypdf: Possible long runtimes for zero-only width values in cross-reference streams
Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W 0 0 0 values and large /Size values. Patches: This has been fixed in pypdf==6.12.0. Workarounds: If developers are unable to upgrade their apps immediately, the...
CVE-2026-28351
CVE-2026-28351 affects pypdf before 6.7.4. An attacker can craft a PDF using a RunLengthDecode content stream to cause excessive memory usage during parsing. Root cause: improper handling of RunLengthDecode in content streams. Impact: potential high memory consumption with low exploit complexity;...
GHSA-HM9V-VJ3R-R55M PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects
Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such ...