VYPR
Vendor

Pypdf Project

Products
1
CVEs
7
Across products
7
Status
Private

Products

1

Recent CVEs

7
  • CVE-2026-33699HigMar 27, 2026
    risk 0.42cvss 7.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot…

  • CVE-2026-41314MedApr 22, 2026
    risk 0.35cvss 6.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been…

  • CVE-2026-41313MedApr 22, 2026
    risk 0.35cvss 6.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed…

  • CVE-2026-41312MedApr 22, 2026
    risk 0.35cvss 6.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal…

  • CVE-2026-48155MedMay 28, 2026
    risk 0.29cvss 5.5epss 0.00

    pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.

  • CVE-2026-41168MedApr 22, 2026
    risk 0.27cvss 5.3epss 0.00

    pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong…

  • CVE-2026-40260MedApr 17, 2026
    risk 0.27cvss 5.3epss 0.00

    pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP…