pkg:PyPI/pypdf

24 total CVEsHIGH6MEDIUM17

✅ Check your installed version

All known vulnerabilities

  • HIGH7.5CVE-2026-33699pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
    from 0, < 6.9.2
  • HIGH7.5CVE-2026-27888pypdf: Manipulated FlateDecode XFA streams can exhaust RAM
    from 0, < 6.7.3
  • HIGH7.5CVE-2026-27628pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams
    from 0, < 6.7.2
  • HIGH7.5CVE-2025-62708pypdf can exhaust RAM via manipulated LZWDecode streams
    from 0, < 6.1.3
  • HIGH7.5CVE-2025-62707pypdf possibly loops infinitely when reading DCT inline images without EOF marker
    from 0, < 6.1.3
  • HIGH7.5CVE-2025-55197PyPDF's Manipulated FlateDecode streams can exhaust RAM
    from 0, < 6.0.0
  • MEDIUM6.5CVE-2026-41314pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
    from 0, < 6.10.2
  • MEDIUM6.5CVE-2026-41313pypdf: Possible long runtimes for wrong size values in incremental mode
    from 0, < 6.10.2
  • MEDIUM6.5CVE-2026-41312pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
    from 0, < 6.10.2
  • MEDIUM6.5CVE-2026-33123pypdf has inefficient decoding of array-based streams
    from 0, < 6.9.1
  • MEDIUM6.2CVE-2023-36464pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
    >= 3.1.0, < 3.9.0
  • MEDIUM5.5CVE-2026-31826pypdf: manipulated stream length values can exhaust RAM
    from 0, < 6.8.0
  • MEDIUM5.5CVE-2026-27026pypdf possibly has long runtimes for malformed FlateDecode streams
    from 0, < 6.7.1
  • MEDIUM5.5CVE-2026-27025pypdf has possible long runtimes/large memory usage for large /ToUnicode streams
    from 0, < 6.7.1
  • MEDIUM5.5CVE-2026-27024pypdf has a possible infinite loop when processing TreeObject
    from 0, < 6.7.1
  • MEDIUM5.3CVE-2026-41168pypdf has long runtimes for wrong size values in cross-reference and object streams
    from 0, < 6.10.1
  • MEDIUM5.3CVE-2026-40260pypdf: Manipulated XMP metadata entity declarations can exhaust RAM
    from 0, < 6.10.0
  • MEDIUM5.3CVE-2026-28804pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams
    from 0, < 6.7.5
  • MEDIUM5.3CVE-2026-28351pypdf: Manipulated RunLengthDecode streams can exhaust RAM
    from 0, < 6.7.4
  • MEDIUM5.3CVE-2026-22691pypdf has possible long runtimes for malformed startxref
    from 0, < 6.6.0
  • MEDIUM5.3CVE-2026-22690pypdf has possible long runtimes for missing /Root object with large /Size values
    from 0, < 6.6.0
  • MEDIUM5.1CVE-2023-46250Possible Infinite Loop when PdfWriter(clone_from) is used with a PDF
    >= 3.7.0, < 3.17.0
  • MEDIUM4.3CVE-2026-24688pypdf has possible Infinite Loop when processing outlines/bookmarks
    from 0, < 6.6.2
  • CVE-2025-66019pypdf's LZWDecode streams be manipulated to exhaust RAM
    from 0, < 6.4.0