CVE Catalog

CVE-2026-57204

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.26%

18th percentile — higher than 18% of all known CVEs

Summary

The pypdf library before version 6.13.3 contains a DoS vulnerability. A specially crafted PDF can cause excessive memory usage because the MAX_DECLARED_STREAM_LENGTH constant is sometimes ignored when parsing a content stream without a /Length value.

Risk Assessment

An attacker can exploit this vulnerability to perform a Denial of Service (DoS) attack on an application using pypdf, potentially leading to memory exhaustion and service disruption.

Recommendation

Immediately update the pypdf library to version 6.13.3 or later, which includes a fix for this vulnerability.

Original NVD description (English source)

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS