Py PDF

All CVEs

29 total · sorted by risk
  • CVE-2025-66019 · Med · Nov 26, 2025
    risk 0.36 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This…

  • CVE-2026-48735 · Med · May 28, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed…

  • CVE-2026-48155 · Med · May 28, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.

  • CVE-2026-48156 · Low · May 28, 2026
    risk 0.14 · cvss 3.3 · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in…

  • CVE-2026-54651 · Jun 22, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1.

  • CVE-2026-54531 · Jun 16, 2026
    risk 0.00 · cvss · epss 0.00

    Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. Patches: This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0). …

  • CVE-2026-54530 · Jun 16, 2026
    risk 0.00 · cvss · epss 0.00

    Impact: An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. Patches: This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0). Workarounds: If…

  • CVE-2026-49461 · Jun 16, 2026
    risk 0.00 · cvss · epss 0.00

    Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. Patches: This has been fixed in [pypdf==6.12.2](https://github.com/py-pdf/pypd…

  • CVE-2026-49460 · Jun 16, 2026
    risk 0.00 · cvss · epss 0.00

    Impact: An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the `/FlateDecode` filter with a PNG predictor. Patches: This has been fixed in [pypdf==6.12.2](https://github.com/py-pdf/pypdf/release…

  • CVE-2026-33123 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed…

  • CVE-2026-31826 · Mar 10, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length…

  • CVE-2026-28804 · Mar 6, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version…

  • CVE-2026-28351 · Feb 27, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf…

  • CVE-2026-27888 · Feb 26, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed…

  • CVE-2026-27628 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.

  • CVE-2026-27026 · Feb 20, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed…

  • CVE-2026-27025 · Feb 20, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for…

  • CVE-2026-27024 · Feb 20, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in…

  • CVE-2026-24688 · Jan 27, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf…

  • CVE-2026-22691 · Jan 10, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding…

  • CVE-2026-22690 · Jan 10, 2026
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid…

  • CVE-2025-62708 · Oct 22, 2025
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf…

  • CVE-2025-62707 · Oct 22, 2025
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This…

  • CVE-2025-55197 · Aug 13, 2025
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other…

  • CVE-2023-46250 · Oct 31, 2023
    risk 0.00 · cvss · epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%.…

  • CVE-2023-36810 · Jun 30, 2023
    risk 0.00 · cvss · epss 0.01

    pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize…

  • CVE-2023-36807 · Jun 30, 2023
    risk 0.00 · cvss · epss 0.01

    pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can…

  • CVE-2023-36464 · Jun 27, 2023
    risk 0.00 · cvss · epss 0.00

    pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in…

  • CVE-2022-24859 · Apr 18, 2022
    risk 0.00 · cvss · epss 0.01

    PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the code attempts to…