Vulnetix
Try Vulnetix Request Demo
CVE-2026-27025 PUBLISHED CVSS 6.900000095367432 MEDIUM

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.

EPSS 0.00% · 0.2th percentile

Risk Scores

CVSS v4.0
6.900000095367432
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS Score
0.00%
0.2th percentile

Affected Products

VendorProductVersions
PyPIpypdf0
py-pdfpypdf< 6.7.1
pypdf_projectpypdf0

Timeline

References

Open in Interactive Console →