Pypdf Project Pypdf vulnerabilities

22 known vulnerabilities affecting pypdf_project/pypdf.

Total CVEs: 22
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 19, LOW 3

Vulnerabilities

Page 1 of 2
CVE-2026-40260 | MEDIUM | affected: ≥ 0, < 6.10.0 | published: 2026-04-10
CVE-2026-40260 [MEDIUM] CWE-776: pypdf: Manipulated XMP metadata entity declarations can exhaust RAM. Impact: An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches: This has been fixed in [pypdf==6.10.0](https://github.com/py-pdf/pypdf/releases/tag/6.10.0). Workarounds: If you cannot upgrade yet, consider applying the changes from PR
Sources: ghsa
CVE-2026-33699 | MEDIUM | CVSS 4.6 | fixed in 6.9.2 | published: 2026-03-27
CVE-2026-33699 [MEDIUM] CWE-835: pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually.
Sources: ghsa, nvd, osv
CVE-2026-33123 | MEDIUM | CVSS 5.1 | fixed in 6.9.1 | published: 2026-03-20
CVE-2026-33123 [MEDIUM] CWE-400: pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.
Sources: ghsa, nvd, osv
CVE-2026-31826 | MEDIUM | CVSS 6.8 | fixed in 6.8.0 | published: 2026-03-10
CVE-2026-31826 [MEDIUM] CWE-770: pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0.
Sources: ghsa, nvd, osv
CVE-2026-28804 | MEDIUM | CVSS 6.9 | fixed in 6.7.5 | published: 2026-03-06
CVE-2026-28804 [MEDIUM] CWE-407: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.
Sources: ghsa, nvd, osv
CVE-2026-28351 | MEDIUM | CVSS 6.9 | fixed in 6.7.4 | published: 2026-02-27
CVE-2026-28351 [MEDIUM] CWE-400: pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.4, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. This has been fixed in pypdf 6.7.4. As a workaround, consider applying the changes from PR #3664.
Sources: ghsa, nvd, osv
CVE-2026-27888 | MEDIUM | CVSS 6.6 | fixed in 6.7.3 | published: 2026-02-26
CVE-2026-27888 [MEDIUM] CWE-400: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.3, an attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`. This has been fixed in pypdf 6.7.3. As a workarou
Sources: ghsa, nvd, osv
CVE-2026-27628 | LOW | CVSS 1.2 | fixed in 6.7.2 | published: 2026-02-25
CVE-2026-27628 [LOW] CWE-835: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.
Sources: ghsa, nvd, osv
CVE-2026-27024 | MEDIUM | CVSS 6.9 | fixed in 6.7.1 | published: 2026-02-20
CVE-2026-27024 [MEDIUM] CWE-835: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.
Sources: ghsa, nvd, osv
CVE-2026-27026 | MEDIUM | CVSS 6.9 | fixed in 6.7.1 | published: 2026-02-20
CVE-2026-27026 [MEDIUM] CWE-770: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.
Sources: ghsa, nvd, osv
CVE-2026-27025 | MEDIUM | CVSS 6.9 | fixed in 6.7.1 | published: 2026-02-20
CVE-2026-27025 [MEDIUM] CWE-834: pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.
Sources: ghsa, nvd, osv
CVE-2026-24688 | MEDIUM | CVSS 5.1 | fixed in 6.6.2 | published: 2026-01-27
CVE-2026-24688 [MEDIUM] CWE-835: pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks. This has been fixed in pypdf 6.6.2. If projects cannot upgrade yet, consider applying the changes from
Sources: ghsa, nvd, osv
CVE-2026-22690 | LOW | CVSS 2.7 | fixed in 6.6.0 | published: 2026-01-10
CVE-2026-22690 [LOW] CWE-400: pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, whil
Sources: ghsa, nvd, osv
CVE-2026-22691 | LOW | CVSS 2.7 | fixed in 6.6.0 | published: 2026-01-10
CVE-2026-22691 [LOW] CWE-400: pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters bec
Sources: ghsa, nvd, osv
CVE-2025-66019 | MEDIUM | affected: ≥ 0, < 6.4.0 | published: 2025-11-24
CVE-2025-66019 [MEDIUM] CWE-400: pypdf's LZWDecode streams be manipulated to exhaust RAM. Impact: An attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a page using the LZWDecode filter. This is a follow up to [GHSA-jfx9-29x2-rv3j](https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j) to align the default limit with t
Sources: ghsa, osv
CVE-2025-62707 | MEDIUM | CVSS 6.6 | fixed in 6.1.3 | published: 2025-10-22
CVE-2025-62707 [MEDIUM] CWE-834: pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.
Sources: ghsa, nvd, osv
CVE-2025-62708 | MEDIUM | CVSS 6.6 | fixed in 6.1.3 | published: 2025-10-22
CVE-2025-62708 [MEDIUM] CWE-409: pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter. This has been fixed in pypdf version 6.1.3.
Sources: ghsa, nvd, osv
CVE-2025-55197 | MEDIUM | CVSS 6.6 | fixed in 6.0.0 | published: 2025-08-13
CVE-2025-55197 [MEDIUM] CWE-400: pypdf is a free and open-source pure-python PDF library. Prior to version 6.0.0, an attacker can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access. This issue has been fixed in
Sources: ghsa, nvd, osv
CVE-2023-46250 | MEDIUM | CVSS 5.5 | affected: ≥ 3.7.0, < 3.17.0 | published: 2023-10-31
CVE-2023-46250 [MEDIUM] CWE-835: pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when th
Sources: ghsa, nvd, osv
CVE-2023-36807 | MEDIUM | CVSS 6.5 | affected: v2.10.5 | published: 2023-06-30
CVE-2023-36807 [MEDIUM] CWE-835: pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage
Sources: nvd