CVE Catalog

CVE-2026-54530

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.13%

3th percentile — higher than 3% of all known CVEs

Summary

pypdf is a free and open-source pure-python PDF library. Prior to version 6.13.0, an attacker could exploit this vulnerability to craft a PDF that leads to an infinite loop when extracting text in layout mode.

Risk Assessment

Exploitation of this vulnerability could lead to the application processing PDF files becoming unresponsive, impacting service availability within the organization.

Recommendation

It is recommended to update the pypdf library to version 6.13.0 or later to mitigate this vulnerability.

Original NVD description (English source)

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS