pypdf
PyPI
12 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pypdf (page 1 of 1)
- CVE-2023-36464 · MEDIUM · CVSS 6.2 · EG 6.2 · ✓ Fixed in 3.9.0 · 2023-06-27
vulnerable: 3.1.0 ... 3.8.1 (14 versions)
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such…
- CVE-2023-46250 · MEDIUM · CVSS 5.1 · EG 5.1 · ✓ Fixed in 3.17.0 · 2023-10-31
vulnerable: 3.10.0 ... 3.9.1 (25 versions)
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can u…
- CVE-2025-62707 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 6.1.3 · 2025-10-22
vulnerable: 1.0 ... 6.1.2 (78 versions)
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inlin…
- CVE-2025-62708 · HIGH · CVSS 7.5 · EG 7.5 · ✓ Fixed in 6.1.3 · 2025-10-22
vulnerable: 1.0 ... 6.1.2 (78 versions)
pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDec…
- CVE-2025-66019 · MEDIUM · CVSS 6.6 · EG 0.0 · ✓ Fixed in 6.4.0 · 2025-11-26
vulnerable: 1.0 ... 6.3.0 (81 versions)
pypdf is a free and open-source pure-python PDF library. Prior to version 6.4.0, an attacker who uses this vulnerability can craft a PDF which leads to a memory usage of up to 1 GB per stream. This requires parsing the content stream of a …
- CVE-2026-22691 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 6.6.0 · 2026-01-10
vulnerable: 1.0 ... 6.5.0 (85 versions)
pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for in…
- CVE-2026-24688 · MEDIUM · CVSS 4.3 · EG 4.3 · ✓ Fixed in 6.6.2 · 2026-01-27
vulnerable: 1.0 ... 6.6.1 (87 versions)
pypdf is a free and open-source pure-python PDF library. An attacker who uses an infinite loop vulnerability that is present in versions prior to 6.6.2 can craft a PDF which leads to an infinite loop. This requires accessing the outlines/b…
- CVE-2026-40260 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 6.10.0 · 2026-04-17
vulnerable: 1.0 ... 6.9.2 (98 versions)
pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usa…
- CVE-2026-41168 · MEDIUM · CVSS 5.3 · EG 5.3 · ✓ Fixed in 6.10.1 · 2026-04-22
vulnerable: 1.0 ... 6.9.2 (99 versions)
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` …
- CVE-2026-41312 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 6.10.2 · 2026-04-22
vulnerable: 1.0 ... 6.9.2 (100 versions)
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/F…
- CVE-2026-41313 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 6.10.2 · 2026-04-22
vulnerable: 1.0 ... 6.9.2 (100 versions)
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value …
- CVE-2026-41314 · MEDIUM · CVSS 6.5 · EG 6.5 · ✓ Fixed in 6.10.2 · 2026-04-22
vulnerable: 1.0 ... 6.9.2 (100 versions)
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode`…