By vendor

Pypdf_project vulnerabilities

Known CVEs affecting Pypdf_project products, prioritized by severity, with SEC.co remediation and detection guidance.

3 published vulnerabilities

  • CVE-2026-48155MEDIUM 5.5

    pypdf, a popular open-source PDF processing library, contains a denial-of-service vulnerability affecting versions prior to 6.12.0. An attacker can craft a malicious PDF file that, when processed by pypdf's text extraction feature in layout mode, triggers excessive memory consumption. This occurs specifically when the PDF contains large character offsets. The flaw does not compromise data confidentiality or integrity, but can render systems unresponsive or crash applications that depend on pypdf for PDF handling.

  • CVE-2026-48735MEDIUM 5.5

    pypdf, a popular open-source Python library for PDF processing, contains a memory exhaustion flaw that allows attackers to craft malicious PDF files triggering excessive memory consumption. The issue stems from how the library parses XMP (Extensible Metadata Platform) metadata within PDFs—an attacker can embed large or unnecessarily complex metadata structures that force the parser to allocate abnormal amounts of RAM. This can degrade system performance or crash applications relying on pypdf to process untrusted PDF documents. The vulnerability affects versions prior to 6.12.1.

  • CVE-2026-48156LOW 3.3

    pypdf, a popular open-source Python library for PDF handling, contains a vulnerability that allows an attacker to craft malicious PDF files that cause the library to consume excessive processing time during parsing. The issue stems from how pypdf processes cross-reference streams—a mechanism PDFs use to index internal objects—when they contain specific structural patterns. An attacker would need to trick a user or application into opening a specially crafted PDF, but once opened, the library can hang or freeze during PDF processing, resulting in a denial-of-service condition on that system.