
py-pdf — Vulnerabilities & Security Advisories (27)

Browse all 27 CVE security advisories affecting py-pdf. AI-powered Chinese analysis, POCs, and references for each vulnerability.

py-pdf is a Python library designed for reading, writing, and manipulating PDF documents, serving developers who require programmatic access to PDF structures without heavy dependencies. Despite its utility, the project has accumulated twenty-seven Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The majority of these flaws involve remote code execution (RCE) and arbitrary file read vulnerabilities, often stemming from improper handling of malformed input or unsafe deserialization practices. While cross-site scripting (XSS) is less relevant in a backend library context, the potential for privilege escalation through crafted PDF files remains a critical concern. Notable incidents highlight the risks of processing untrusted documents, emphasizing the need for strict input validation. Users must exercise caution, ensuring they upgrade to patched versions to mitigate these persistent threats associated with legacy parsing logic.

Top products by py-pdf: pypdf, PyPDF2
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-41314 | pypdf: Manipulated FlateDecode image dimensions can exhaust RAM | pypdf | CWE-789 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41313 | pypdf: Possible long runtimes for wrong size values in incremental mode | pypdf | CWE-834 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41312 | pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM | pypdf | CWE-789 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41168 | pypdf has possible long runtimes for wrong size values in cross-reference and object streams | pypdf | CWE-834 | 4.3 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-40260 | pypdf: Manipulated XMP metadata entity declarations can exhaust RAM | pypdf | CWE-776 | 6.5 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-33699 | pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream | pypdf | CWE-835 | 6.5 | - | 2026-03-26 |
| CVE-2026-33123 | pypdf has inefficient decoding of array-based streams | pypdf | CWE-400 | 6.5 | - | 2026-03-20 |
| CVE-2026-31826 | pypdf: manipulated stream length values can exhaust RAM | pypdf | CWE-770 | 4.3 | - | 2026-03-10 |
| CVE-2026-28804 | pypdf: Inefficient decoding of ASCIIHexDecode streams | pypdf | CWE-407 | 6.5 | - | 2026-03-06 |
| CVE-2026-28351 | Manipulated RunLengthDecode streams can exhaust RAM | pypdf | CWE-400 | 4.3 | - | 2026-02-27 |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | pypdf | CWE-400 | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27628 | pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams | pypdf | CWE-835 | 6.5 | - | 2026-02-25 |
| CVE-2026-27026 | pypdf possibly has long runtimes for malformed FlateDecode streams | pypdf | CWE-770 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-27025 | pypdf has possible long runtimes/large memory usage for large /ToUnicode streams | pypdf | CWE-834 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-27024 | pypdf has a possible infinite loop when processing TreeObject | pypdf | CWE-835 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-24688 | pypdf has possible Infinite Loop when processing outlines/bookmarks | pypdf | CWE-835 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-22691 | pypdf has possible long runtimes for malformed startxref | pypdf | CWE-1333 | 6.5 | - | 2026-01-10 |
| CVE-2026-22690 | pypdf has possible long runtimes for missing /Root object with large /Size values | pypdf | CWE-400 | - | - | 2026-01-10 |
| CVE-2025-66019 | pypdf manipulated LZWDecode streams can exhaust RAM | pypdf | CWE-400 | 4.3 (AI) | Medium (AI) | 2025-11-25 |
| CVE-2025-62708 | pypdf manipulated LZWDecode streams can exhaust RAM | pypdf | CWE-409 | 4.3 | - | 2025-10-22 |
| CVE-2025-62707 | pypdf affected by possible infinite loop when reading DCT inline images without EOF marker | pypdf | CWE-834 | 6.5 (AI) | Medium (AI) | 2025-10-22 |
| CVE-2025-55197 | pypdf's Manipulated FlateDecode streams can exhaust RAM | pypdf | CWE-400 | 6.5 (AI) | Medium (AI) | 2025-08-13 |
| CVE-2023-46250 | pypdf possible Infinite Loop when PdfWriter(clone_from) is used with a PDF | pypdf | CWE-835 | 5.1 | Medium | 2023-10-31 |
| CVE-2023-36810 | Quadratic runtime with malformed PDF missing xref marker in pypdf | pypdf | CWE-407 | 6.2 | Medium | 2023-06-30 |
| CVE-2023-36807 | Infinite Loop when reading malformed objects in pypdf | pypdf | CWE-835 | 6.2 | Medium | 2023-06-30 |
| CVE-2023-36464 | Infinite Loop when a comment isn't followed by a character in pypdf | pypdf | CWE-835 | 6.2 | Medium | 2023-06-27 |
| CVE-2022-24859 | Manipulated inline images can cause Infinite Loop in PyPDF2 | PyPDF2 | CWE-835 | 6.2 | Medium | 2022-04-18 |

"(AI)" reproduces the AI tag shown beside that score or severity on the source page; "-" means the source page gives no value.

This page lists every published CVE security advisory associated with py-pdf. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.