pypdf — Vulnerabilities & Security Advisories (29)

All 29 CVE vulnerabilities found in pypdf, with AI-generated Chinese analysis, references, and POCs.

This page documents Common Weakness Enumerations associated with the pypdf library, categorizing them by vulnerability type and severity. It aggregates security issues identified in the pypdf Python package, including but not limited to input validation failures, improper certificate validation, and resource exhaustion flaws that may impact data integrity or system stability. The collected data spans vulnerability records from the earliest reported instances through the most recent disclosures, ensuring a comprehensive historical view of the product’s security landscape. Visitors to this resource can track vendor advisories and patch releases to stay informed about critical updates. Users can also gain a deeper understanding of specific weakness classes by examining how they manifest in pypdf’s codebase and usage patterns. Additionally, the page allows for the lookup of pypdf’s vulnerability history, providing context on how risks have evolved over time. This information is intended for developers, security analysts, and system administrators who rely on pypdf for PDF manipulation and need to assess potential risks in their deployment environments. By consolidating these findings, the page serves as a centralized reference for mitigating threats related to this specific open-source tool.

Vendor: py-pdf

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-48155 | pypdf: Possible large memory usage for large offsets for layout mode text | CWE-400 | - | - | 2026-05-28 |
| CVE-2026-48156 | pypdf: Possible long runtimes for zero-only width values in cross-reference streams | CWE-834 | - | - | 2026-05-28 |
| CVE-2026-48735 | pypdf: Manipulated XMP metadata streams can exhaust RAM | CWE-770 | - | - | 2026-05-28 |
| CVE-2026-41314 | pypdf: Manipulated FlateDecode image dimensions can exhaust RAM | CWE-789 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41313 | pypdf: Possible long runtimes for wrong size values in incremental mode | CWE-834 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41312 | pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM | CWE-789 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41168 | pypdf has possible long runtimes for wrong size values in cross-reference and object streams | CWE-834 | 4.3 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-40260 | pypdf: Manipulated XMP metadata entity declarations can exhaust RAM | CWE-776 | 6.5 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-33699 | pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream | CWE-835 | 6.5 | - | 2026-03-26 |
| CVE-2026-33123 | pypdf has inefficient decoding of array-based streams | CWE-400 | 6.5 | - | 2026-03-20 |
| CVE-2026-31826 | pypdf: manipulated stream length values can exhaust RAM | CWE-770 | 4.3 | - | 2026-03-10 |
| CVE-2026-28804 | pypdf: Inefficient decoding of ASCIIHexDecode streams | CWE-407 | 6.5 | - | 2026-03-06 |
| CVE-2026-28351 | Manipulated RunLengthDecode streams can exhaust RAM | CWE-400 | 4.3 | - | 2026-02-27 |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | CWE-400 | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27628 | pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams | CWE-835 | 6.5 | - | 2026-02-25 |
| CVE-2026-27026 | pypdf possibly has long runtimes for malformed FlateDecode streams | CWE-770 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-27025 | pypdf has possible long runtimes/large memory usage for large /ToUnicode streams | CWE-834 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-27024 | pypdf has a possible infinite loop when processing TreeObject | CWE-835 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-24688 | pypdf has possible Infinite Loop when processing outlines/bookmarks | CWE-835 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-22691 | pypdf has possible long runtimes for malformed startxref | CWE-1333 | 6.5 | - | 2026-01-10 |
| CVE-2026-22690 | pypdf has possible long runtimes for missing /Root object with large /Size values | CWE-400 | - | - | 2026-01-10 |
| CVE-2025-66019 | pypdf manipulated LZWDecode streams can exhaust RAM | CWE-400 | 4.3 (AI) | Medium (AI) | 2025-11-25 |
| CVE-2025-62708 | pypdf manipulated LZWDecode streams can exhaust RAM | CWE-409 | 4.3 | - | 2025-10-22 |
| CVE-2025-62707 | pypdf affected by possible infinite loop when reading DCT inline images without EOF marker | CWE-834 | 6.5 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-55197 | pypdf's Manipulated FlateDecode streams can exhaust RAM | CWE-400 | 6.5 (AI) | Medium (AI) | 2025-08-13 |
| CVE-2023-46250 | pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF | CWE-835 | 5.1 | Medium | 2023-10-31 |
| CVE-2023-36810 | Quadratic runtime with malformed PDF missing xref marker in pypdf | CWE-407 | 6.2 | Medium | 2023-06-30 |
| CVE-2023-36807 | Infinite Loop when reading malformed objects in pypdf | CWE-835 | 6.2 | Medium | 2023-06-30 |
| CVE-2023-36464 | Infinite Loop when a comment isn't followed by a character in pypdf | CWE-835 | 6.2 | Medium | 2023-06-27 |

All 29 known CVE vulnerabilities affecting pypdf with full Chinese analysis, references, and POCs where available.