CVE-2026-57204
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk18th percentile — higher than 18% of all known CVEs
Summary
The pypdf library before version 6.13.3 contains a DoS vulnerability. A specially crafted PDF can cause excessive memory usage because the MAX_DECLARED_STREAM_LENGTH constant is sometimes ignored when parsing a content stream without a /Length value.
Risk Assessment
An attacker can exploit this vulnerability to perform a Denial of Service (DoS) attack on an application using pypdf, potentially leading to memory exhaustion and service disruption.
Recommendation
Immediately update the pypdf library to version 6.13.3 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3.

