CVE-2026-48156
EUVD-2026-3291328.05.2026, 16:16
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| pypdf_project | pypdf | 𝑥 < 6.12.0 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration