CVE Catalog

CVE-2026-49460

Low · CVSS 3.3

Exploitation Probability (EPSS)

Low risk
0.13%

3rd percentile: higher than 3% of all known CVEs

Summary

pypdf is a free and open-source pure-Python PDF library. Prior to version 6.12.2, an attacker can craft a PDF that causes long runtimes when a stream using the /FlateDecode filter with a PNG predictor is accessed.

Risk Assessment

Exploitation of this vulnerability may lead to significant system load, potentially affecting service availability. Organizations that process PDFs with pypdf should be aware that crafted files could leverage this flaw.

Recommendation

Update the pypdf library to version 6.12.2 or later to mitigate this vulnerability. Regularly monitoring and updating software components is crucial for security.

Original NVD description (English source)

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS