CVE-2026-48735
EUVD-2026-3291228.05.2026, 16:16
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| pypdf_project | pypdf | 𝑥 < 6.12.1 |
𝑥
= Vulnerable software versions