CVE-2026-48735

EUVD-2026-32912
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
UNKNOWN
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Common Weakness Enumeration
References
https://github.com/py-pdf/pypdf/pull/3796
https://github.com/py-pdf/pypdf/releases/tag/6.12.1
https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjqc-6w8f-h24c