Vulnerability in Py-pdf Pypdf

CVE-2026-54531

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer. This vulnerability…

Affected products

Py-pdf Pypdf — versions < 6.13.0

Weakness classification (CWE)

CWE-835 — Loop with Unreachable Exit Condition (Infinite Loop)

References

security-advisories@github.com (x_refsource_CONFIRM)
security-advisories@github.com (x_refsource_MISC)
security-advisories@github.com (x_refsource_MISC)