VYPR
Unrated severityOSV Advisory· Published Jul 9, 2026

Debian pypdf2: pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an att…

CVE-2026-59937

Description

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.

Affected products

3
  • Py PDF/PypdfOSV2 versions
    6.13.3, 6.13.2, 6.13.1, …+ 1 more
    • (no CPE)range: 6.13.3, 6.13.2, 6.13.1, …
    • (no CPE)range: <6.14.0
  • Debian/pypdf2llm-fuzzy
    Range: <6.14.0

Patches

Vulnerability mechanics

News mentions

0

No linked articles in our index yet.