pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
Metrics
Affected Vendors & Products
References
History
Thu, 09 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Thu, 09 Jul 2026 12:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-835 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Wed, 08 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Py-pdf
Py-pdf pypdf |
|
| Vendors & Products |
Py-pdf
Py-pdf pypdf |
Wed, 08 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1. | |
| Title | pypdf: Possible infinite loop for not terminated inline images | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-07-08T19:34:22.610Z
Updated: 2026-07-09T13:28:21.161Z
Reserved: 2026-07-07T18:20:06.127Z
Link: CVE-2026-59936
Updated: 2026-07-09T13:28:16.847Z
No data.