
py-pdf — Vulnerabilities & Security Advisories (36)

Browse all 36 CVE security advisories affecting py-pdf. AI-powered Chinese analysis, POCs, and references for each vulnerability.

py-pdf is a Python library designed for reading, writing, and manipulating PDF documents, serving developers who require programmatic access to PDF structures without heavy dependencies. Despite its utility, the project has accumulated twenty-seven Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The majority of these flaws involve remote code execution (RCE) and arbitrary file read vulnerabilities, often stemming from improper handling of malformed input or unsafe deserialization practices. While cross-site scripting (XSS) is less relevant in a backend library context, the potential for privilege escalation through crafted PDF files remains a critical concern. Notable incidents highlight the risks of processing untrusted documents, emphasizing the need for strict input validation. Users must exercise caution, ensuring they upgrade to patched versions to mitigate these persistent threats associated with legacy parsing logic.

Top products by py-pdf: pypdf, PyPDF2
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-57204 | pypdf: Missing stream length values ignore defined limits | pypdf | CWE-400 | - | - | 2026-06-30 |
| CVE-2026-54651 | pypdf: Possible infinite loop when processing threads/articles in writer | pypdf | CWE-835 | - | - | 2026-06-22 |
| CVE-2026-49460 | pypdf: Inefficient decoding of FlateDecode PNG predictor streams | pypdf | CWE-407 | - | - | 2026-06-22 |
| CVE-2026-49461 | pypdf: Possible large memory usage for form XObjects during text extraction | pypdf | CWE-400 | - | - | 2026-06-22 |
| CVE-2026-54531 | pypdf: Possible infinite loop when processing outlines/bookmarks in writer | pypdf | CWE-835 | - | - | 2026-06-22 |
| CVE-2026-54530 | pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction | pypdf | CWE-835 | - | - | 2026-06-22 |
| CVE-2026-48155 | pypdf: Possible large memory usage for large offsets for layout mode text | pypdf | CWE-400 | - | - | 2026-05-28 |
| CVE-2026-48156 | pypdf: Possible long runtimes for zero-only width values in cross-reference streams | pypdf | CWE-834 | - | - | 2026-05-28 |
| CVE-2026-48735 | pypdf: Manipulated XMP metadata streams can exhaust RAM | pypdf | CWE-770 | - | - | 2026-05-28 |
| CVE-2026-41314 | pypdf: Manipulated FlateDecode image dimensions can exhaust RAM | pypdf | CWE-789 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41313 | pypdf: Possible long runtimes for wrong size values in incremental mode | pypdf | CWE-834 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41312 | pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM | pypdf | CWE-789 | 6.5 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-41168 | pypdf has possible long runtimes for wrong size values in cross-reference and object streams | pypdf | CWE-834 | 4.3 (AI) | Medium (AI) | 2026-04-22 |
| CVE-2026-40260 | pypdf: Manipulated XMP metadata entity declarations can exhaust RAM | pypdf | CWE-776 | 6.5 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-33699 | pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream | pypdf | CWE-835 | 6.5 | - | 2026-03-26 |
| CVE-2026-33123 | pypdf has inefficient decoding of array-based streams | pypdf | CWE-400 | 6.5 | - | 2026-03-20 |
| CVE-2026-31826 | pypdf: manipulated stream length values can exhaust RAM | pypdf | CWE-770 | 4.3 | - | 2026-03-10 |
| CVE-2026-28804 | pypdf: Inefficient decoding of ASCIIHexDecode streams | pypdf | CWE-407 | 6.5 | - | 2026-03-06 |
| CVE-2026-28351 | Manipulated RunLengthDecode streams can exhaust RAM | pypdf | CWE-400 | 4.3 | - | 2026-02-27 |
| CVE-2026-27888 | pypdf: Manipulated FlateDecode XFA streams can exhaust RAM | pypdf | CWE-400 | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-27628 | pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams | pypdf | CWE-835 | 6.5 | - | 2026-02-25 |
| CVE-2026-27026 | pypdf possibly has long runtimes for malformed FlateDecode streams | pypdf | CWE-770 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-27025 | pypdf has possible long runtimes/large memory usage for large /ToUnicode streams | pypdf | CWE-834 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-27024 | pypdf has a possible infinite loop when processing TreeObject | pypdf | CWE-835 | 6.5 (AI) | Medium (AI) | 2026-02-20 |
| CVE-2026-24688 | pypdf has possible Infinite Loop when processing outlines/bookmarks | pypdf | CWE-835 | 7.5 (AI) | High (AI) | 2026-01-27 |
| CVE-2026-22691 | pypdf has possible long runtimes for malformed startxref | pypdf | CWE-1333 | 6.5 | - | 2026-01-10 |
| CVE-2026-22690 | pypdf has possible long runtimes for missing /Root object with large /Size values | pypdf | CWE-400 | - | - | 2026-01-10 |
| CVE-2025-66019 | pypdf manipulated LZWDecode streams can exhaust RAM | pypdf | CWE-400 | 4.3 (AI) | Medium (AI) | 2025-11-25 |
| CVE-2025-62708 | pypdf manipulated LZWDecode streams can exhaust RAM | pypdf | CWE-409 | 4.3 | - | 2025-10-22 |
| CVE-2025-62707 | pypdf affected by possible infinite loop when reading DCT inline images without EOF marker | pypdf | CWE-834 | 6.5 (AI) | Medium (AI) | 2025-10-22 |

Values marked (AI) carry the site's AI badge next to the score or severity; a dash means no value is listed for that entry.

This page lists every published CVE security advisory associated with py-pdf. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.