CVE Catalog

CVE-2026-49461

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

pypdf is a free and open-source pure-python PDF library. Prior to version 6.12.2, an attacker could craft a PDF that leads to large memory usage by extracting text from a page containing a form XObject with self-references.

Risk Assessment

Exploitation of this vulnerability may lead to memory exhaustion, potentially affecting the stability of applications using the pypdf library.

Recommendation

It is recommended to update the pypdf library to version 6.12.2 or later to mitigate this vulnerability.

Original NVD description (English source)

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS