4.6
pypdf: Infinite Loop when Reading Malicious PDF Files
GHSA-87mj-5ggw-8qc3
CVE-2026-33699
Summary
A malicious PDF file can cause the pypdf library to get stuck in an infinite loop when trying to read it. This could lead to a freeze or crash of your application. Update to the latest version of pypdf (6.9.2) or apply the suggested patch to prevent this issue.
What to do
- Update pypdf to version 6.9.2.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | pypdf | < 6.9.2 | 6.9.2 |
Original description
pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.2 have a vulnerability in which an attacker can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. This has been fixed in pypdf 6.9.2. If users cannot upgrade yet, consider applying the changes from the patch manually.
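To check a dependency list or the running environment against the fixed release named above, the following sketch is an added example, not code from the advisory or from the pypdf project. The function names are hypothetical, only exact `==` pins are inspected, and the sample requirements text is constructed.

```python
from __future__ import annotations

import re
from importlib import metadata

FIXED = (6, 9, 2)  # first fixed release named in the advisory

_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
# Exact pins only, e.g. "pypdf==6.9.1" or "pypdf[crypto] == 6.9.1".
_PIN = re.compile(r"^\s*pypdf\s*(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.IGNORECASE)


def is_affected(version: str) -> bool:
    """True if `version` is earlier than 6.9.2 (unparseable counts as affected)."""
    m = _VERSION.match(version.strip())
    if not m:
        return True
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (len(FIXED) - len(release))  # "6.9" -> (6, 9, 0)
    if release != FIXED:
        return release < FIXED
    suffix = m.group(2).lower()
    # 6.9.2rc1 / 6.9.2.dev0 sort before 6.9.2; local (+x) and .post builds do not.
    return bool(suffix) and not suffix.startswith(("+", ".post"))


def audit_requirements(text: str) -> list[tuple[int, str]]:
    """Return (line number, version) for each exact pypdf pin that is affected."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = _PIN.match(line)
        if m and is_affected(m.group(1)):
            findings.append((lineno, m.group(1)))
    return findings


def installed_pypdf_affected() -> bool | None:
    """None if pypdf is not installed, else whether the installed copy is affected."""
    try:
        return is_affected(metadata.version("pypdf"))
    except metadata.PackageNotFoundError:
        return None


# Constructed sample input, not taken from any real project.
SAMPLE = "requests==2.32.3\npypdf==6.9.1\npypdf[crypto]==6.9.2  # patched\nPyPDF==5.0\n"

if __name__ == "__main__":
    print(audit_requirements(SAMPLE))
    print(installed_pypdf_affected())
```

Range specifiers such as `pypdf>=6.0` are not evaluated here; resolve them to a concrete version (for example from a lock file) before auditing.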
ghsa CVSS4.0
4.6
Vulnerability type
CWE-835
Published: 27 Mar 2026 · Updated: 27 Mar 2026 · First seen: 25 Mar 2026