Vulnerability in Py-pdf Pypdf

CVE-2026-49460

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.2, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /FlateDecode filter with a PNG…

Affected products

Py-pdf Pypdf — versions < 6.12.2

Weakness classification (CWE)

CWE-407 — Inefficient Algorithmic Complexity

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)