CVE-2026-49461
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk3th percentile — higher than 3% of all known CVEs
Summary
pypdf is a free and open-source pure-python PDF library. Prior to version 6.12.2, an attacker could craft a PDF that leads to large memory usage by extracting text from a page containing a form XObject with self-references.
Risk Assessment
Exploitation of this vulnerability may lead to memory exhaustion, potentially affecting the stability of applications using the pypdf library.
Recommendation
It is recommended to update the pypdf library to version 6.12.2 or later to mitigate this vulnerability.
Original NVD description (English source)
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2.

