Search
Search Results (8 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-27888 | 1 Py-pdf | 1 Pypdf | 2026-02-26 | N/A |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workaround, apply the patch manually. | ||||
| CVE-2026-24688 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-02-25 | 4.3 Medium |
| pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from PR #3610 manually. | ||||
| CVE-2026-27628 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-02-25 | 7.5 High |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually. | ||||
| CVE-2026-27026 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-02-24 | 5.5 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1. | ||||
| CVE-2026-27025 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-02-24 | 5.5 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1. | ||||
| CVE-2026-27024 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-02-24 | 5.5 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1. | ||||
| CVE-2026-22690 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-01-22 | 5.3 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | ||||
| CVE-2026-22691 | 2 Py-pdf, Pypdf Project | 2 Pypdf, Pypdf | 2026-01-22 | 5.3 Medium |
| pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0. | ||||
Page 1 of 1.