pypdf Infinite Loop Vulnerability in PDF Processing

Vulnerability

A vulnerability allowing for an infinite loop has been identified in the pypdf library, versions prior to 6.9.2. This issue arises when a PDF file is read in non-strict mode, allowing an attacker to craft a file that triggers the loop. The vulnerability has been patched in version 6.9.2.

Impact

Exploitation of this vulnerability leads to an infinite loop during PDF processing, causing a denial of service condition.

Remediation

Users can upgrade to pypdf version 6.9.2 or apply the changes from the patch manually. Instructions for downloading version 6.9.2 are available on the pypdf GitHub releases page.
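Two defensive checks that follow from the advisory, written as an added example rather than code from pypdf or from this page: a version gate that compares the installed pypdf against the fixed release 6.9.2, and a timeout guard that runs a PDF parse in a child process so that a parser stuck in a loop cannot stall the caller indefinitely. The version parser, the `run_with_timeout` helper and the `_spin_forever` stand-in (which only imitates a hung parse for the demo) are all constructed here; pypdf is imported only inside the child, so the helpers run whether or not it is installed.

```python
"""Defensive checks for the pypdf infinite-loop advisory (added example).

1. Version gate: is the installed pypdf older than the fixed release 6.9.2?
2. Timeout guard: run a parse in a child process with a hard deadline, so a
   looping parser is killed instead of hanging the service.
"""
from __future__ import annotations

import multiprocessing
import re
from importlib import metadata
from typing import Any, Callable, Optional, Sequence

FIXED_VERSION = "6.9.2"  # first patched release named in the advisory

_PRERELEASE = re.compile(r"^(a|b|rc|alpha|beta|dev)", re.IGNORECASE)


def parse_version(version: str) -> tuple[int, ...]:
    """Map a version string to a comparable tuple (constructed helper).

    Numeric components are padded to four places so '6.9' == '6.9.0.0', and a
    trailing pre-release marker (rc1, b2, dev0) sorts *below* the final
    release, so '6.9.2rc1' is still treated as vulnerable.
    """
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)(.*)$", version)
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    rest = m.group(2).lstrip(".-_")
    pre_flag = 0 if _PRERELEASE.match(rest) else 1
    return tuple(nums[:4]) + (pre_flag,)


def is_vulnerable(version: str) -> bool:
    """True when `version` is older than the fixed release 6.9.2."""
    return parse_version(version) < parse_version(FIXED_VERSION)


def installed_pypdf_version() -> Optional[str]:
    """Version of the installed pypdf distribution, or None if absent."""
    try:
        return metadata.version("pypdf")
    except metadata.PackageNotFoundError:
        return None


def _call_and_send(target: Callable[..., Any], args: Sequence[Any], conn) -> None:
    # Runs in the child: report a result or an error, then close the pipe.
    try:
        conn.send(("ok", target(*args)))
    except Exception as exc:
        conn.send(("error", repr(exc)))
    finally:
        conn.close()


def run_with_timeout(target: Callable[..., Any], args: Sequence[Any] = (),
                     timeout_s: float = 10.0) -> tuple[str, Any]:
    """Run target(*args) in a child process with a hard deadline.

    Returns ('ok', value), ('error', message) or ('timeout', None). On timeout
    the child is killed, which is the only reliable way to stop a busy loop
    inside a third-party parser.
    """
    recv_end, send_end = multiprocessing.Pipe(duplex=False)
    proc = multiprocessing.Process(target=_call_and_send, args=(target, args, send_end))
    proc.start()
    send_end.close()  # parent keeps only the receiving end
    if recv_end.poll(timeout_s):
        try:
            outcome = recv_end.recv()
        except EOFError:  # child died without reporting
            outcome = ("error", "worker exited without a result")
    else:
        outcome = ("timeout", None)
    if proc.is_alive():
        proc.kill()
    proc.join()
    recv_end.close()
    return outcome


def _count_pages(path: str) -> int:
    # Imported in the child only, so the parent never needs pypdf itself.
    from pypdf import PdfReader
    return len(PdfReader(path).pages)


def safe_page_count(path: str, timeout_s: float = 10.0) -> tuple[str, Any]:
    """Parse `path` with pypdf under a deadline instead of trusting the input."""
    return run_with_timeout(_count_pages, (path,), timeout_s)


def _spin_forever() -> None:
    # Constructed stand-in for a parser that never returns; demo/test only.
    while True:
        pass


if __name__ == "__main__":
    ver = installed_pypdf_version()
    if ver is None:
        print("pypdf is not installed")
    else:
        state = "VULNERABLE (< 6.9.2)" if is_vulnerable(ver) else "patched"
        print(f"pypdf {ver}: {state}")
    print("hung worker ->", run_with_timeout(_spin_forever, (), timeout_s=0.5))
```

In a service that accepts PDFs from users, the version gate belongs in a startup check or a dependency audit, while the timeout guard is the runtime control: even after upgrading, any untrusted-file parser is better run under a deadline and in a process that can be killed.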

Added: Mar 27, 2026, 1:32 AM
Updated: Mar 27, 2026, 1:32 AM

Vulnerability Rating

Custom Algorithm

spread: 5.4
impact: 2.5
exploitability: 4.9
remediation: 7.7
relevance: 4.8
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.