pypdf Infinite Loop Vulnerability in Outline Processing

Vulnerability

An infinite-loop vulnerability has been identified in the pypdf library in versions prior to 6.6.2. The issue arises when the library processes the outlines (bookmarks) of a PDF, and it can lead to a denial-of-service condition: an attacker can craft a PDF that makes outline retrieval loop indefinitely.

Impact

Exploitation causes the application to enter an infinite loop while processing the PDF, which can lead to a denial-of-service condition for any service that parses untrusted documents.

Reproduction

To reproduce this vulnerability, use a version of pypdf prior to 6.6.2. Open a PDF file that contains outlines or bookmarks. The application will enter an infinite loop while trying to process the outlines, effectively causing a denial-of-service condition.

Remediation

Upgrade to pypdf version 6.6.2 or later. If an immediate upgrade is not possible, apply the changes from pull request #3610 manually.
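Two checks a defender can run follow, as an added example that is not part of the advisory or of pypdf itself. The first gates on the affected version range the advisory states (prior to 6.6.2). The second is a bounded, cycle-safe walk over a PDF outline tree: the advisory does not say which link structure pypdf looped on, so the model here is an assumption, with outline items linked by the PDF-specification keys /First, /Last, /Next, /Prev and /Parent and a malformed file allowed to make those links form a cycle. The walk refuses to revisit an object and caps the node count, so it terminates on any input. The outline dictionaries are constructed sample data, not real PDF objects.

```python
"""Added example: version gate for the affected pypdf range, and a bounded,
cycle-safe walk over an outline tree modelled on the PDF-spec link keys.
Not code from the advisory or from pypdf; the cycle model is an assumption."""
from typing import Any, Dict, List, Optional, Set, Tuple

FIXED_VERSION = (6, 6, 2)  # first pypdf release the advisory names as fixed


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '6.6.1' or '6.6' into a tuple of leading integer components.
    Pre-release suffixes such as 'rc1' are ignored (kept simple on purpose)."""
    parts: List[int] = []
    for piece in text.split("."):
        digits = ""
        for ch in piece:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            break
        parts.append(int(digits))
    return tuple(parts)


def is_affected_version(version: str) -> bool:
    """True for pypdf releases prior to 6.6.2, the range the advisory cites."""
    return parse_version(version) < FIXED_VERSION


# Constructed outline model: object number -> dict of PDF-spec outline keys.
# Link values are object numbers standing in for indirect references.
Outline = Dict[int, Dict[str, Any]]


class OutlineCycleError(ValueError):
    """Raised when an outline object is reached a second time."""


def walk_outline(objects: Outline, root: int, max_nodes: int = 10_000) -> List[str]:
    """Depth-first walk of an outline tree that cannot loop forever.

    Returns item titles in document order. Raises OutlineCycleError when a
    /Next or /First link leads back to an object already visited, and
    ValueError when the node budget is exhausted.
    """
    titles: List[str] = []
    seen: Set[int] = set()
    # Explicit stack instead of recursion: a deep but acyclic chain of /First
    # links would otherwise exhaust the interpreter's recursion limit.
    stack: List[Optional[int]] = [objects[root].get("/First")]
    while stack:
        current = stack.pop()
        if current is None:
            continue
        if current in seen:
            raise OutlineCycleError(f"outline object {current} reached twice")
        if len(seen) >= max_nodes:
            raise ValueError(f"outline exceeds {max_nodes} items")
        seen.add(current)
        item = objects[current]
        titles.append(str(item.get("/Title", "")))
        # Push the sibling first so the child (pushed last) is popped first,
        # which preserves document order.
        stack.append(item.get("/Next"))
        stack.append(item.get("/First"))
    return titles


def check_outline(objects: Outline, root: int = 1, max_nodes: int = 10_000) -> str:
    """Classify an outline tree as 'ok', 'cycle', 'too-large' or 'missing'."""
    try:
        walk_outline(objects, root, max_nodes)
    except OutlineCycleError:
        return "cycle"
    except KeyError:
        return "missing"  # a link points at an object that does not exist
    except ValueError:
        return "too-large"
    return "ok"


# Constructed samples: a well-formed outline, and one in which the last
# sibling's /Next points back at the first sibling.
GOOD_OUTLINE: Outline = {
    1: {"/Type": "/Outlines", "/First": 2, "/Last": 4},
    2: {"/Title": "Chapter 1", "/Parent": 1, "/Next": 4, "/First": 3, "/Last": 3},
    3: {"/Title": "Section 1.1", "/Parent": 2},
    4: {"/Title": "Chapter 2", "/Parent": 1, "/Prev": 2},
}
LOOPED_OUTLINE: Outline = {
    1: {"/Type": "/Outlines", "/First": 2, "/Last": 4},
    2: {"/Title": "Chapter 1", "/Parent": 1, "/Next": 4},
    4: {"/Title": "Chapter 2", "/Parent": 1, "/Prev": 2, "/Next": 2},  # back-edge
}

if __name__ == "__main__":
    print("pypdf 6.6.1 affected:", is_affected_version("6.6.1"))
    print("good outline:", check_outline(GOOD_OUTLINE), walk_outline(GOOD_OUTLINE, 1))
    print("looped outline:", check_outline(LOOPED_OUTLINE))
```

The visited set and the node budget are independent guards: the first catches cycles, the second catches trees that are acyclic but unreasonably large. Running such a pre-flight check in a separate process with a timeout gives a service a third, library-independent guard until the upgrade to 6.6.2 or later is in place.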

Added: Jan 27, 2026, 8:19 PM
Updated: Jan 27, 2026, 8:19 PM

Vulnerability Rating

Custom Algorithm
spread: 5.4
impact: 2.5
exploitability: 4.6
remediation: 7.7
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.