CVE-2026-33123

MEDIUM pypdf_project NVD

CVSS Score 6.5

Severity MEDIUM

Published Mar 20, 2026

Vendor pypdf_project

Description

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.

References

https://github.com/py-pdf/pypdf/pull/3686
https://github.com/py-pdf/pypdf/releases/tag/6.9.1
https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp