77 matches found
CVE-2026-59938
A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can exploit this vulnerability by crafting a malicious PDF file with image size values that are significantly larger than the actual embedded image data, causing pypdf to allocate large amounts of memory when...
CVE-2026-59935
A flaw was found in pypdf, a pure-python PDF library. A remote attacker can craft a malicious PDF file containing an unterminated inline image within the page content stream. When this crafted PDF is parsed, it can lead to an infinite loop, resulting in a denial of service DoS due to resource...
EUVD-2026-38358
pypdf: Possible infinite loop when processing threads/articles in writer...
CVE-2026-59936
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in...
CVE-2026-59937
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0...
CVE-2026-59938
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...
CVE-2026-59938
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...
Linux Distros Unpatched Vulnerability : CVE-2026-57204
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can...
DEBIAN-CVE-2026-57204
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAXDECLAREDSTREAMLENGTH is sometimes ignored. This requires parsing a content stream...
Linux Distros Unpatched Vulnerability : CVE-2026-49460
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes...
Linux Distros Unpatched Vulnerability : CVE-2026-54651
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loo...
CVE-2026-54530
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...
DEBIAN-CVE-2026-54531
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0...
DEBIAN-CVE-2026-49460
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...
CVE-2026-49460
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2...
CVE-2026-49461
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....
PT-2026-51380
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.1 Description A flaw exists where an attacker can craft a PDF file that triggers an infinite loop. This occurs when merging a file containing threads or articles into a writer. Recommendations Update to version...
PT-2026-54003
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.3 Description A flaw in the library allows a maliciously crafted PDF to cause a Denial of Service DoS. This occurs when the system parses a content stream that lacks a /Length value, causing the MAX DECLARED STREAM...
Inefficient Algorithmic Complexity
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity via the FlateDecode PNG predictor streams. An attacker can cause excessive resource consumption...
CVE-2026-48155
A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can craft a malicious PDF file that, when processed, leads to excessive memory consumption. This occurs when extracting text in layout mode with large character offsets. This vulnerability can result in a Denia...