CVE-2026-48156

Severity CVSS v4.0:
MEDIUM
Type:
Unavailable / Other
Publication date:
28/05/2026
Last modified:
29/05/2026

Description

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:* 6.12.0 (excluding)