pypdf Memory Exhaustion Vulnerability Due to Improper Stream Length Handling

Vulnerability

A memory exhaustion vulnerability has been identified in pypdf, a pure-Python PDF library, affecting versions prior to 6.8.0. The issue arises when the library parses a content stream with a large '/Length' value, leading to excessive memory usage. This vulnerability can be exploited by crafting a PDF that takes advantage of the improper handling of stream length values.

Impact

Exploitation of this vulnerability can lead to significant memory consumption, potentially causing applications to run out of available RAM.

Remediation

Users should upgrade to pypdf version 6.8.0 or later to address this vulnerability. If an immediate upgrade is not possible, consider backporting the changes from Pull Request #3675, which are included in the 6.8.0 release.
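The advisory gives two practical handles for a defender: the fixed version (6.8.0) and the root cause (a content stream declaring a very large /Length). The following is an added example, not code from pypdf or from the advisory: it checks an installed version string against the fixed release and, for deployments that cannot upgrade yet, applies a pre-parse sanity check that rejects a file whose declared direct /Length values exceed the size of the file itself (a stream can never legitimately be longer than the file that contains it). The sample PDF byte strings are constructed here; the regex-based scan is an assumption of this example and a coarse heuristic, since it ignores /Length values given as indirect object references (`N 0 R`) and does not replace the upstream fix.

```python
import re
from typing import List, Tuple

# First pypdf release containing the fix, per the advisory.
FIXED_VERSION = (6, 8, 0)

# Match a direct integer /Length value. The \b stops backtracking into a
# partial number, and the negative lookahead skips indirect references
# such as "/Length 5 0 R", which this heuristic deliberately ignores.
_LENGTH_RE = re.compile(rb"/Length\s+(\d+)\b(?!\s*\d+\s+R)")


def is_patched(version: str) -> bool:
    """Return True if `version` (e.g. pypdf.__version__) is >= 6.8.0."""
    parts = tuple(int(p) for p in re.findall(r"\d+", version)[:3])
    parts = parts + (0,) * (3 - len(parts))  # pad "6.8" -> (6, 8, 0)
    return parts >= FIXED_VERSION


def suspicious_lengths(pdf_bytes: bytes) -> List[int]:
    """Return every direct /Length value larger than the file itself."""
    file_size = len(pdf_bytes)
    return [
        int(m.group(1))
        for m in _LENGTH_RE.finditer(pdf_bytes)
        if int(m.group(1)) > file_size
    ]


def check_before_parsing(pdf_bytes: bytes) -> Tuple[bool, str]:
    """Gate a PDF before handing it to an unpatched pypdf.

    Returns (ok, reason). Callers on pypdf >= 6.8.0 can skip this gate.
    """
    bad = suspicious_lengths(pdf_bytes)
    if bad:
        return False, f"declared /Length {max(bad)} exceeds file size {len(pdf_bytes)}"
    return True, "no oversized stream lengths declared"


# Constructed sample inputs (not real-world files).
BENIGN_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Length 12 >>\nstream\nBT ET q Q\n"
    b"endstream\nendobj\n%%EOF\n"
)
OVERSIZED_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Length 4294967295 >>\nstream\nBT ET\n"
    b"endstream\nendobj\n%%EOF\n"
)
INDIRECT_PDF = (
    b"%PDF-1.4\n1 0 obj\n<< /Length 2 0 R >>\nstream\nBT ET\n"
    b"endstream\nendobj\n2 0 obj\n5\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, data in (("benign", BENIGN_PDF), ("oversized", OVERSIZED_PDF),
                        ("indirect", INDIRECT_PDF)):
        print(label, check_before_parsing(data))
    for v in ("6.7.9", "6.8.0", "6.10.1"):
        print(v, "patched" if is_patched(v) else "vulnerable")
```

In a real deployment, call `is_patched(pypdf.__version__)` at startup and only route files through `check_before_parsing` on the unpatched path; the gate buys time but the fix itself lives in the 6.8.0 release.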

Added: Mar 10, 2026, 10:22 PM
Updated: Mar 10, 2026, 10:22 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          5.4
  impact          2.5
  exploitability  5.1
  remediation     8.3
  relevance       3.7
  threat          3.2
  urgency         2.9
  incentive       0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.