59 matches found
CVE-2026-54530
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...
CVE-2026-49461
CVE-2026-49461 affects the Python PDF library pypdf . The vulnerability occurs before version 6.12.2 and lets an attacker craft a PDF whose page contains a form XObject with self-references, causing large memory usage during text extraction. Impact is memory-related and can affect systems process...
CVE-2026-49461 pypdf: Possible large memory usage for form XObjects during text extraction
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12....
CVE-2026-54530
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0...
CVE-2026-54530
CVE-2026-54530 – pypdf : A flaw in the pure-Python PDF library allows an attacker to craft a PDF that triggers an infinite loop when performing text extraction in layout mode. Affected versions are prior to 6.13.0. Impact noted as higher for availability. Remediation: upgrade to 6.13.0 (or apply ...
pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches This has been fixed in pypdf==6.13.0. Workarounds If you cannot upgrade yet, consider applying the changes from PR 3830...
Infinite loop
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop via the font retrieving. An attacker can cause the application to enter an infinite loop by crafting a specially...
pypdf: Possible large memory usage for form XObjects during text extraction
Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches This has been fixed in pypdf==6.12.2. Workarounds If you cannot upgrade yet, consider applying...
Allocation of Resources Without Limits or Throttling
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the text extraction when handling form XObjects with self-references. An...
PT-2026-49742
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.13.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that triggers an infinite loop. This occurs specifically when extracting text in layout mode. Recommendations Update to...
SUSE CVE-2023-26930
Buffer Overflow vulnerability found in XPDF v.4.04 allows an attacker to cause a Denial of Service via the PDFDoc malloc in the pdftotext.cc function. NOTE: Vendor states “it's an expected abort on out-of-memory error.”...
CVE-2026-48155
A flaw was found in pypdf, a free and open-source pure-python PDF library. An attacker can craft a malicious PDF file that, when processed, leads to excessive memory consumption. This occurs when extracting text in layout mode with large character offsets. This vulnerability can result in a Denia...
SUSE CVE-2026-48155
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...
UBUNTU-CVE-2026-48155
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...
CVE-2026-48155
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...
CVE-2026-48155 pypdf: Possible large memory usage for large offsets for layout mode text
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0...
PT-2026-44392
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.0 Description A flaw in the pure-python PDF library allows an attacker to craft a PDF file that causes excessive memory consumption. This occurs when extracting text in layout mode using large character offsets...
pypdf 资源管理错误漏洞
pypdf is an open-source, free Python library developed by py-pdf. It allows for splitting, merging, cropping, and converting pages within PDF files. Prior to version 6.12.0, pypdf had a resource management vulnerability caused by the use of large character offsets when extracting text in layout...
CVE-2026-0558
A vulnerability in parisneo/lollms, up to and including version 2.2.0, allows unauthenticated users to upload and process files through the /api/files/extract-text endpoint. This endpoint does not enforce authentication, unlike other file-related endpoints, and lacks the Dependsgetcurrentactiveus...
Denial Of Service
pypdf is vulnerable to Denial of Service. The vulnerability is due to an attacker crafting a PDF with unusually large values in the /ToUnicode entry of a font, where parsing this entry leads to long runtimes and large memory consumption, and how attackers can exploit it by using this vulnerabilit...