CVSS 4.0 score: 6.8

pypdf: Malicious PDFs can cause slow processing

GHSA-4pxv-j86v-mhcw
Summary

Loading a malicious PDF with pypdf in incremental mode can take a very long time when the file's trailer declares a large `/Size` value. The issue is fixed in pypdf 6.10.2. If you cannot upgrade right away, the changes from PR #3735 can be applied as a workaround.

What to do
  • Update pypdf to version 6.10.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | pypdf | < 6.10.2 |

Fix: upgrade to 6.10.2
Original title
pypdf: Possible long runtimes for wrong size values in incremental mode
Original description
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode.

### Patches
This has been fixed in [pypdf==6.10.2](https://github.com/py-pdf/pypdf/releases/tag/6.10.2).

### Workarounds
If you cannot upgrade yet, consider applying the changes from PR [#3735](https://github.com/py-pdf/pypdf/pull/3735).
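
For services that must accept untrusted PDFs before the upgrade is rolled out, a pre-flight check can reject files whose declared `/Size` is implausible before they reach pypdf in incremental mode. The following is an added example, not code from the advisory, from pypdf, or from PR #3735; the function names, the object cap and the "more objects than bytes" heuristic are assumptions, and the sample PDF is constructed inline.

```python
import re

MAX_DECLARED_OBJECTS = 2_000_000  # assumed policy cap, not from the advisory
_STARTXREF = re.compile(rb"startxref\s+(\d{1,20})")
_SIZE = re.compile(rb"/Size\s+(\d{1,20})")


def trailer_sizes(data: bytes) -> list[int]:
    """Return /Size from each cross-reference section that a startxref points to."""
    sizes = []
    for m in _STARTXREF.finditer(data):
        section = data[int(m.group(1)):m.start()]
        if section.lstrip().startswith(b"xref"):
            # Classic table: the trailer dictionary follows the 'trailer' keyword.
            section = section.partition(b"trailer")[2]
        else:
            # Cross-reference stream: its dictionary ends where 'stream' begins.
            section = section.partition(b"stream")[0]
        found = _SIZE.search(section)
        if found:
            sizes.append(int(found.group(1)))
    return sizes


def check_before_incremental_load(data: bytes) -> tuple[bool, str]:
    """Decide whether the declared /Size is plausible for a file of this length."""
    sizes = trailer_sizes(data)
    if not sizes:
        return False, "no trailer /Size located; failing closed"
    worst = max(sizes)
    if worst > MAX_DECLARED_OBJECTS:
        return False, f"/Size {worst} exceeds the cap of {MAX_DECLARED_OBJECTS}"
    if worst > len(data):
        # Heuristic: ordinary files do not hold more objects than bytes.
        return False, f"/Size {worst} is larger than the {len(data)}-byte file"
    return True, f"/Size {worst} is plausible"


def build_sample(size_value: int) -> bytes:
    """Constructed minimal PDF whose trailer declares size_value objects."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref = b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    trailer = b"trailer\n<< /Size %d /Root 1 0 R >>\n" % size_value
    return body + xref + trailer + b"startxref\n%d\n%%%%EOF\n" % len(body)


if __name__ == "__main__":
    for declared in (2, 500_000, 2**31 - 1):
        print(declared, check_before_incremental_load(build_sample(declared)))
```

The check fails closed when no trailer can be located through `startxref`, so files with damaged offsets are rejected rather than passed on; relax that branch if your pipeline must accept them.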
ghsa CVSS4.0 6.8
Vulnerability type
CWE-834
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026