CVE-2026-22691

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.6.0

Description pypdf is a pure-python PDF library. Versions prior to 6.6.0 are susceptible to long runtimes when processing malformed startxref entries within PDF files. An attacker can create a specially crafted PDF that causes prolonged processing times when the cross-reference table is rebuilt, particularly with files containing excessive whitespace. This issue only affects the non-strict reading mode.

Recommendations Update to version 6.6.0 or later.

Exploit

Fix

Resource Exhaustion

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-1333

Related Identifiers

CVE-2026-22691

GHSA-4F6G-68PF-7VHV

Affected Products

Debian

Red Os

Pypdf

CVE-2026-22691

Weakness Enumeration

Related Identifiers

Affected Products

References · 20