pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. Patches This has been fixed in pypdf==6.7.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3655...

CVE-2026-27628

A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference xref chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service. Mitigation Mitigation for this issue is either not...

Infinite loop

Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in reader.py, when loading circular /Prev entries in cross-reference streams. An attacker can cause the application ...

CVE-2026-27628 pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

CVE-2026-27628 pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

CVE-2026-27628 pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually...

CVE-2026-27628

CVE-2026-27628 affects the Python PDF library pypdf prior to version 6.7.2. An attacker can craft a PDF that, when read, leads to an infinite loop, exposing users who load the file to potential denial of service. The issue is fixed in pypdf 6.7.2; a patch can also be applied manually as a workaro...

CVE-2026-22691

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

CVE-2026-22691

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

UBUNTU-CVE-2026-22691

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

EUVD-2026-1877

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

CVE-2026-22691 pypdf has possible long runtimes for malformed startxref

pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-referen...

EUVD-2021-20470

Malware in sbrugna...

EUVD-2019-16794

Malware in sbrugna...

EUVD-2020-6023

Malware in sbrugna...

EUVD-2025-24648

Malicious code in bioql PyPI...

EUVD-2022-30301

Malicious code in bioql PyPI...

EUVD-2025-30224

Malicious code in bioql PyPI...

CVE-2025-30755

OpenGrok 1.14.1 has a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...

CVE-2025-30755

OpenGrok 1.14.1 has a reflected Cross-Site Scripting XSS issue when producing the cross reference page. This happens through improper handling of the revision parameter. The application reflects unsanitized user input into the HTML output...