CVE-2026-59937

Severity CVSS v4.0:
MEDIUM
Type:
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
08/07/2026
Last modified:
09/07/2026

Description

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:* 6.14.0 (excluding)