CVE-2026-48155

EUVD-2026-32914
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/py-pdf/pypdf/pull/3790
https://github.com/py-pdf/pypdf/releases/tag/6.12.0
https://github.com/py-pdf/pypdf/security/advisories/GHSA-cj93-chg6-vgv8