VDB

DEBIAN-CVE-2026-33123

DEBIAN-CVE-2026-33123 PUBLISHED CVSS 6.5 MEDIUM

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.

Risk Scores

CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Debian:11pypdf22.9.0-1, 1.26.0-4, 1.26.0-4+deb11u1
Debian:14pypdf0, 5.4.0-1, 6.9.0-1
Debian:13pypdf0, 5.4.0-1, 6.9.0-1
Debian:12pypdf6.9.2-1, 4.0.0-1, 4.0.1-1
Debian:12pypdf22.12.1-3, 2.12.1-3+deb12u1, 2.12.1-4

Timeline

  • Mar 20, 2026 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›