Browse all 27 CVE security advisories affecting py-pdf. AI-powered Chinese analysis, POCs, and references for each vulnerability.
py-pdf is a Python library designed for reading, writing, and manipulating PDF documents, serving developers who require programmatic access to PDF structures without heavy dependencies. Despite its utility, the project has accumulated twenty-seven Common Vulnerabilities and Exposures (CVEs), indicating significant historical security debt. The majority of these flaws involve remote code execution (RCE) and arbitrary file read vulnerabilities, often stemming from improper handling of malformed input or unsafe deserialization practices. While cross-site scripting (XSS) is less relevant in a backend library context, the potential for privilege escalation through crafted PDF files remains a critical concern. Notable incidents highlight the risks of processing untrusted documents, emphasizing the need for strict input validation. Users must exercise caution, ensuring they upgrade to patched versions to mitigate these persistent threats associated with legacy parsing logic.
| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2022-24859 | Manipulated inline images can cause Infinite Loop in PyPDF2 | PyPDF2 | CWE-835 | 6.2 | Medium | 2022-04-18 |
This page lists every published CVE security advisory associated with py-pdf. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.