anonhaven
Ad

CVE-2026-31826

MEDIUM CVSS 4.0: 6.8 EPSS 0.01%
Updated Mar 10, 2026
Python
Parameter Value
CVSS 6.8 (MEDIUM)
Fixed In 6.8.0
Type CWE-770 (Allocation Without Limits)
Vendor Python
Public PoC No

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream.

This vulnerability is fixed in 6.8.0.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Attack Requirements
None
No additional conditions
Privileges Required
None
No privileges needed
User Interaction
Passive
Minimal interaction

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v4.0

Weakness Type (CWE)

CWE-770 Allocation Without Limits

References 3

https://github.com/py-pdf/pypdf/pull/3675
security-advisories@github.com
https://github.com/py-pdf/pypdf/releases/tag/6.8.0
security-advisories@github.com
https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7
security-advisories@github.com
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-32128

Python

6.3

CVE-2026-32112

Python

6.8

CVE-2026-31958

Python

8.7

CVE-2026-29787

Python

5.3

CVE-2026-29780

Python

5.5