GHSA-WGVP-VG3V-2XQ3 pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. Patches This has been fixed in pypdf==6.7.1. Workarounds ...

PT-2026-20908

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.7.1 Description pypdf is a free and open-source pure-python PDF library. An attacker can create a malicious PDF file that causes excessive runtime and memory usage when processed. This occurs when parsing the /ToUnico...