CVE-2026-28804 Python — Exploit & Vulnerability Details MEDIUM

Parameter	Value
CVSS	6.9 (MEDIUM)
Fixed In	6.7.5
Type	CWE-407
Vendor	Python
Public PoC	No

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter.

This issue has been patched in version 6.7.5.

Attack Parameters

Attack Vector

Network

Атака возможна удалённо

Attack Complexity

Low

Легко эксплуатировать

Attack Requirements

None

Нет дополнительных условий

Privileges Required

None

Права не нужны

User Interaction

None

Не нужно действие пользователя

Impact Assessment

Confidentiality

None

Нет утечки данных

Integrity

None

Нет модификации данных

Availability

Low

Частичное нарушение работы

CVSS Vector v4.0

Weakness Type (CWE)

CWE-407

References 4

https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f

security-advisories@github.com

https://github.com/py-pdf/pypdf/pull/3666

security-advisories@github.com

https://github.com/py-pdf/pypdf/releases/tag/6.7.5

security-advisories@github.com

https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852

security-advisories@github.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-28802

Python

7.7

CVE-2025-69534

Python

None

CVE-2026-27932

Python

7.5

CVE-2026-27905

Python

8.6

CVE-2026-28416

Python

8.2

Menu

CVE-2026-28804

Attack Parameters

Impact Assessment

CVSS Vector v4.0

Weakness Type (CWE)

References 4

Related Vulnerabilities

CVE-2026-28802

CVE-2025-69534

CVE-2026-27932

CVE-2026-27905

CVE-2026-28416

CVE Details

Editor's Choice