CVE-2026-48735
Published 2026-05-28
Priority: P421, medium
CVSS 3.1: 5.5 (AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
EPSS: 0.13% (3.0th percentile)
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ansible-automation-platform-25 | lightspeed-chatbot-rhel8 | — | — |
| exploit-intelligence-tech-preview | vulnerability-analysis-rhel9 | — | — |
| openshift-lightspeed-tech-preview | lightspeed-rag-tool-rhel9 | — | — |
| openshift-lightspeed | lightspeed-ocp-rag-rhel9 | — | — |
| py-pdf | pypdf | < 6.12.1 | 6.12.1 |
| pypdf_project | pypdf | < 6.12.1 | 6.12.1 |
| pypdf_project | pypdf | >= 0 < 6.12.1 | 6.12.1 |
| quay | quay-rhel8 | — | — |
| quay | quay-rhel9 | — | — |
| rhelai3 | bootc-cuda-rhel9 | — | — |
| rhelai3 | bootc-gaudi-rhel9 | — | — |
| rhelai3 | bootc-rocm-rhel9 | — | — |
| rhelai3 | disk-image-cuda-rhel9 | — | — |
| rhoai | odh-llama-stack-core-rhel9 | — | — |
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| nvd | v4.0 | 6.9 | MEDIUM | CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 6.9 | MEDIUM | — |
GHSA (2026-06-16)
CVE-2026-48735 [MEDIUM] CWE-770 pypdf: Manipulated XMP metadata streams can exhaust RAM
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements.
### Patches
This has been fixed in [pypdf==6.12.1](https://github.com/py-pdf/pypdf/releases/tag/6.12.1).
### Workarounds
If you cannot upgrade yet, consider applying the changes from PR [#3796](https://github.com/py-pdf/pypdf/pull/3796).
Red Hat (vendor_redhat, 2026-05-28, CVSS 6.9)
CVE-2026-48735 [MEDIUM] CWE-770 pypdf: pypdf: Denial of Service via crafted PDF with large XMP metadata
A flaw was found in pypdf, a pure-python PDF library. An attacker could craft a malicious PDF file containing large XMP metadata. Processing this crafted PDF would lead to excessive memory consumption, potentially causing a denial of service (DoS) for the affected system.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Package: exploit-intelligence-tech-preview/vulnerability-analysis-rhel9 (Exploit Intelligence) - Fix deferred
Package: openshift-lightspeed/lightspeed-ocp-rag-rhel9 (OpenShift Lightspeed) - Fix deferred
No detection rules found.
No public exploits indexed.
Bugzilla (2026-06-04, CVSS 6.9)
CVE-2026-48735 [MEDIUM] python-pypdf: pypdf: Denial of Service via crafted PDF with large XMP metadata [fedora-all]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
Bugzilla (2026-06-04, CVSS 6.9)
CVE-2026-48735 [MEDIUM] python-PyPDF2: pypdf: Denial of Service via crafted PDF with large XMP metadata [fedora-all]
Bugzilla (2026-05-28, CVSS 6.9)
CVE-2026-48735 [MEDIUM] pypdf: pypdf: Denial of Service via crafted PDF with large XMP metadata