5.3
Pypdf Can Take a Long Time to Process Malformed PDFs
DEBIAN-CVE-2026-22691
Summary
Using a malicious PDF, an attacker can cause pypdf to take a long time to process, slowing down your system. This only affects older versions of pypdf, and updating to version 6.6.0 or later will fix the issue. To stay secure, make sure to keep your pypdf installation up to date.
What to do
- Update the Debian pypdf package to version 6.9.0-1.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| Debian:12 | debian | pypdf | All versions |
| Debian:13 | debian | pypdf | All versions |
| Debian:14 | debian | pypdf | < 6.9.0-1 (Fix: upgrade to 6.9.0-1) |
| Debian:11 | debian | pypdf2 | All versions |
| Debian:12 | debian | pypdf2 | All versions |
Original title
pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF wh...
Original description
pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for malformed startxref. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for invalid startxref entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.
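A check for the condition described above, as an added example that is not part of the advisory or of pypdf itself: it compares a version string against the 6.6.0 fix and forces strict reading mode while an affected release is installed. The helper names (`parse_upstream`, `is_affected`, `reader_kwargs`, `open_untrusted`) are hypothetical.

```python
import re
from importlib import metadata

# First patched upstream release, per the description above.
FIXED_UPSTREAM = (6, 6, 0)


def parse_upstream(version: str) -> tuple:
    """Numeric upstream part of '6.5.0', '6.9.0-1' or '1:3.0.0+dfsg-2'."""
    upstream = version.split(":")[-1].split("-")[0]  # drop Debian epoch/revision
    match = re.match(r"\d+(?:\.\d+)*", upstream)
    if not match:
        raise ValueError(f"unrecognised version: {version!r}")
    parts = [int(p) for p in match.group().split(".")]
    parts += [0] * (3 - len(parts))  # pad '5.1' to (5, 1, 0)
    return tuple(parts)


def is_affected(version: str) -> bool:
    """True when the upstream version predates the 6.6.0 fix."""
    return parse_upstream(version) < FIXED_UPSTREAM


def installed_pypdf_version():
    """Version of the installed pypdf distribution, or None if absent."""
    try:
        return metadata.version("pypdf")
    except metadata.PackageNotFoundError:
        return None


def reader_kwargs(version) -> dict:
    """Force strict mode (the unaffected mode) on an affected release."""
    return {"strict": True} if version and is_affected(version) else {}


def open_untrusted(path):
    """Open a PDF from an untrusted source with the mitigation applied."""
    from pypdf import PdfReader  # lazy import: the checks above work without pypdf
    return PdfReader(path, **reader_kwargs(installed_pypdf_version()))


if __name__ == "__main__":
    # Constructed sample versions, not taken from any real host.
    for v in ("5.1", "6.5.0", "6.6.0", "6.9.0-1"):
        print(v, "affected" if is_affected(v) else "patched", reader_kwargs(v))
```

In strict mode pypdf raises an error on a malformed file instead of attempting recovery, so callers of `open_untrusted` should expect some damaged PDFs to be rejected until the package is upgraded.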
osv CVSS3.1
5.3
- https://security-tracker.debian.org/tracker/CVE-2026-22691 Vendor Advisory
Published: 10 Jan 2026 · Updated: 21 Mar 2026 · First seen: 21 Mar 2026