Resource exhaustion in Py-pdf Pypdf

CVE-2026-57204

pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is…

Vulnerability class: DoS (Denial of Service)

Affected products

Weakness classification (CWE)

References