Primary

Context

pypdf Array-Based Stream Processing Vulnerability Leading to Performance Degradation

Vulnerability

Patched

A vulnerability in pypdf, a pure-Python PDF library, exists in versions prior to 6.9.1. It allows an attacker to create a malicious PDF that causes excessive runtime and memory consumption. Exploitation requires the PDF to contain an array-based stream with a large number of entries.

Impact

Exploitation of this vulnerability results in inefficient processing of array-based streams, causing increased runtime and memory usage.

Remediation

Users can upgrade to pypdf version 6.9.1 or apply the changes from Pull Request #3686 if an immediate upgrade is not possible.

Added: Mar 20, 2026, 10:21 AM

Updated: Mar 20, 2026, 10:21 AM

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.4

impact

0.6

exploitability

4.2

remediation

7.7

relevance

4.2

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

pypdf Array-Based Stream Processing Vulnerability Leading to Performance Degradation

Vulnerability

Impact

Remediation

Affected Products

py-pdf

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating