69 matches found
CVE-2026-59936
A flaw was found in pypdf, a pure-Python PDF library. A remote attacker can craft a malicious PDF document containing an unterminated inline image within its page content stream. When a user processes this crafted PDF, such as during text extraction, the vulnerability causes an infinite loop,...
Linux Distros Unpatched Vulnerability : CVE-2026-57204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can...
UBUNTU-CVE-2026-57204
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...
CVE-2026-57204 pypdf: Missing stream length values ignore defined limits
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...
PT-2026-54003
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.3 Description A flaw in the library allows a maliciously crafted PDF to cause a Denial of Service DoS. This occurs when the system parses a content stream that lacks a /Length value, causing the MAX DECLARED STREAM...
Improper Validation of Specified Quantity in Input
Overview Affected versions of this package are vulnerable to Improper Validation of Specified Quantity in Input via the emission of non-finite color values in the content stream. An attacker can cause PDF viewers to reject the content stream, affected page, or entire document by supplying special...
oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Impact oxidize-pdf defines Color as a pub enum with public tuple-struct variants Rgbf64, f64, f64, Grayf64, and Cmykf64, f64, f64, f64. The constructors Color::rgb, Color::gray, and Color::cmyk clamp incoming components to 0.0, 1.0, but because the variants are pub, callers can construct values...
GHSA-88Q9-CMP2-C2VQ oxidize-pdf: NaN/inf bypass in colour content-stream emission causes PDF rejection (DoS)
Impact oxidize-pdf defines Color as a pub enum with public tuple-struct variants Rgbf64, f64, f64, Grayf64, and Cmykf64, f64, f64, f64. The constructors Color::rgb, Color::gray, and Color::cmyk clamp incoming components to 0.0, 1.0, but because the variants are pub, callers can construct values...
Denial Of Service (DoS)
pypdf is vulnerable to Denial Of Service. The vulnerability is due to parsing a PDF content stream with an inflated Length value, where the parser allocates memory based on the declared length without verifying the actual data size, and an attacker can craft a PDF with a large /Length field to...
EUVD-2026-10924
pypdf: manipulated stream length values can exhaust RAM...
EUVD-2026-10925
pypdf: manipulated stream length values can exhaust RAM...
CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
DEBIAN-CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
UBUNTU-CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
CVE-2026-31826 pypdf: manipulated stream length values can exhaust RAM
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
CVE-2026-31826
pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. Thi...
PT-2026-24480
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.8.0 Description pypdf is a free and open-source pure-python PDF library. A crafted PDF file can cause excessive memory usage when parsed, specifically when processing a content stream with a large /Length value,...
CVE-2026-28351
A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file that, when parsed, leads to excessive memory consumption. This occurs specifically when processing the content stream using the RunLengthDecode...