VYPR

rpm package

opensuse/python-pypdf&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/python-pypdf&distro=openSUSE%20Tumbleweed

Vulnerabilities (16)

  • CVE-2026-54651 | Jun 22, 2026
    affected < 6.14.0-1.1 | fixed 6.14.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1.

  • CVE-2026-48735 | Med | May 28, 2026
    affected < 6.13.0-1.1 | fixed 6.13.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed i

  • CVE-2026-48155 | Med | May 28, 2026
    affected < 6.13.0-1.1 | fixed 6.13.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.

  • CVE-2026-41312 | Med | Apr 22, 2026
    affected < 6.10.2-2.1 | fixed 6.10.2-2.1

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1

  • CVE-2026-41168 | Med | Apr 22, 2026
    affected < 6.10.2-2.1 | fixed 6.10.2-2.1

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large

  • CVE-2026-40260 | Med | Apr 17, 2026
    affected < 6.10.2-1.1 | fixed 6.10.2-1.1

    pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadat

  • CVE-2026-33699 | Hig | Mar 27, 2026
    affected < 6.9.2-1.1 | fixed 6.9.2-1.1

    pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade

  • CVE-2026-33123 | Mar 20, 2026
    affected < 6.9.1-1.1 | fixed 6.9.1-1.1

    pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed i

  • CVE-2026-31826 | Mar 10, 2026
    affected < 6.8.0-1.1 | fixed 6.8.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length insid

  • CVE-2026-28351 | Feb 27, 2026
    affected < 6.7.5-1.1 | fixed 6.7.5-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.

  • CVE-2026-27024 | Feb 20, 2026
    affected < 6.7.5-1.1 | fixed 6.7.5-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in

  • CVE-2026-24688 | Jan 27, 2026
    affected < 6.6.2-1.1 | fixed 6.6.2-1.1

    pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.

  • CVE-2026-22690 | Jan 10, 2026
    affected < 6.6.0-1.1 | fixed 6.6.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid f

  • CVE-2025-66019 | Med | Nov 26, 2025
    affected < 6.4.0-1.1 | fixed 6.4.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This iss

  • CVE-2025-62707 | Oct 22, 2025
    affected < 6.1.3-1.1 | fixed 6.1.3-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This

  • CVE-2025-55197 | Aug 13, 2025
    affected < 6.0.0-1.1 | fixed 6.0.0-1.1

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content