pypdf: Long Runtimes from Malicious PDFs in Certain Scenarios
GHSA-4pxv-j86v-mhcw
Summary
A malicious PDF can cause pypdf to take a long time to process in certain situations. This is a security risk because an attacker might use this to slow down or even crash a system. To fix this, update to version 6.10.2 or apply a patch from the official GitHub repository.
What to do
- Update stefan6419846 pypdf to version 6.10.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| PyPI | stefan6419846 | pypdf | < 6.10.2 (fix: upgrade to 6.10.2) |
Original title
pypdf: Possible long runtimes for wrong size values in incremental mode
Original description
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode.
### Patches
This has been fixed in [pypdf==6.10.2](https://github.com/py-pdf/pypdf/releases/tag/6.10.2).
### Workarounds
If you cannot upgrade yet, consider applying the changes from PR [#3735](https://github.com/py-pdf/pypdf/pull/3735).
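Where an upgrade is not yet possible, a pre-flight check can reject files whose declared `/Size` is implausible before they are loaded in incremental mode. The following is an added example, not code from pypdf or from the advisory; the function names, the default limit (file length in bytes) and the sample bytes are assumptions of the example.

```python
from __future__ import annotations
import re

# Constructed sample (not a real-world file): the trailer declares far more
# objects than a file of this length could hold.
SAMPLE_BAD = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    b"trailer\n<< /Size 2147483647 /Root 1 0 R >>\nstartxref\n45\n%%EOF\n"
)
SAMPLE_OK = SAMPLE_BAD.replace(b"/Size 2147483647", b"/Size 2")

# /Size followed by a direct integer. Stream dictionaries are stored
# uncompressed, so this also sees /Size in cross-reference streams.
# Heuristic: unrelated dictionaries may carry a /Size key as well.
_SIZE_RE = re.compile(rb"/Size\s+(\d+)(?![\d.])")
FIXED = (6, 10, 2)  # first fixed pypdf release according to the advisory


def declared_sizes(data: bytes) -> list[int]:
    """Return every integer /Size value found in the raw file bytes."""
    return [int(m.group(1)) for m in _SIZE_RE.finditer(data)]


def oversized_trailer(data: bytes, max_objects: int | None = None) -> list[int]:
    """Return the /Size values above the limit.

    Default limit (an assumption of this example): the file length in bytes.
    Pass max_objects to enforce a fixed policy cap instead.
    """
    limit = len(data) if max_objects is None else max_objects
    return [size for size in declared_sizes(data) if size > limit]


def is_patched(version: str) -> bool:
    """True if a pypdf version string is >= 6.10.2 (numeric x.y.z only)."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    parts += [0] * (3 - len(parts))
    return tuple(parts) >= FIXED


def safe_for_incremental(data: bytes, pypdf_version: str) -> bool:
    """Allow on a patched pypdf; otherwise only if no /Size looks inflated."""
    return is_patched(pypdf_version) or not oversized_trailer(data)
```

In a service, `pypdf_version` can come from `importlib.metadata.version("pypdf")`, and rejected files are worth logging with the offending `/Size` value.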
CVSS 4.0 score (OSV): 7.3
Vulnerability type: CWE-834
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026