pypdf_project 漏洞與 CVE 列表(38)

產品(CPE): — CVE 數: 38

pypdf_project 漏洞概覽

彙總 pypdf_project 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 XXE與拒絕服務,在 軟體部署與生產負載 使用場景中可能帶來 應用程式崩潰 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12038 CVE 數
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2026-59936 pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1. [email protected] 8.7 0.30% 2026-07-08 2026-07-09
CVE-2026-59935 pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issue is fixed in version 6.14.2. [email protected] 8.7 0.35% 2026-07-08 2026-07-09
CVE-2026-59938 pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0. [email protected] 6.9 0.33% 2026-07-08 2026-07-09
CVE-2026-59937 pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0. [email protected] 6.9 0.30% 2026-07-08 2026-07-09
CVE-2026-57204 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3. [email protected] 6.9 0.21% 2026-06-30 2026-07-06
CVE-2026-54651 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer. This vulnerability is fixed in 6.13.1. [email protected] 6.9 0.12% 2026-06-22 2026-06-24
CVE-2026-54531 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability is fixed in 6.13.0. [email protected] 6.9 0.12% 2026-06-22 2026-06-25
CVE-2026-54530 pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0. [email protected] 6.9 0.12% 2026-06-22 2026-06-25
CVE-2026-49461 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references. This vulnerability is fixed in 6.12.2. [email protected] 6.9 0.12% 2026-06-22 2026-06-25
CVE-2026-49460 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG predictor. This vulnerability is fixed in 6.12.2. [email protected] 5.1 0.12% 2026-06-22 2026-06-25
CVE-2026-48735 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1. [email protected] 6.9 0.13% 2026-05-28 2026-06-17
CVE-2026-48156 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values. This vulnerability is fixed in 6.12.0. [email protected] 5.1 0.12% 2026-05-28 2026-06-17
CVE-2026-48155 pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0. [email protected] 4.8 0.13% 2026-05-28 2026-06-17
CVE-2026-41314 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. [email protected] 4.8 0.23% 2026-04-22 2026-06-17
CVE-2026-41313 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. [email protected] 4.8 0.21% 2026-04-22 2026-06-17
CVE-2026-41312 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually. [email protected] 4.8 0.23% 2026-04-22 2026-06-17
CVE-2026-41168 pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.1 can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large `/Size` values or object streams with wrong large `/N` values. This has been fixed in pypdf 6.10.1. As a workaround, one may apply the changes from the patch manually. [email protected] 6.9 0.30% 2026-04-22 2026-06-17
CVE-2026-40260 pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0. [email protected] 6.9 0.42% 2026-04-16 2026-06-17
CVE-2026-33699 pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually. [email protected] 4.6 0.46% 2026-03-26 2026-06-17
CVE-2026-33123 pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1. [email protected] 5.1 0.35% 2026-03-20 2026-06-17
«« 第一頁 « 上一頁 第 1 / 2 頁 下一頁 »
cvelogic Threat Intelligence