pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.
Metrics
Affected Vendors & Products
References
History
Sat, 11 Jul 2026 00:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Weaknesses | CWE-1050 | |
| References |
| |
| Metrics |
threat_severity
|
cvssV3_1
|
Thu, 09 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 08 Jul 2026 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Py-pdf
Py-pdf pypdf |
|
| Vendors & Products |
Py-pdf
Py-pdf pypdf |
Wed, 08 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0. | |
| Title | pypdf: Possible long runtimes for repeated malformed cross-reference entries | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published: 2026-07-08T17:25:34.026Z
Updated: 2026-07-09T14:41:30.071Z
Reserved: 2026-07-07T18:20:06.127Z
Link: CVE-2026-59937
Updated: 2026-07-09T14:38:03.628Z
No data.