PT-2026-44399 · Pypi · Pypdf
Manop55555
·
Published
2026-05-28
·
Updated
2026-06-16
·
CVE-2026-48735
CVSS v4.0
6.9
Medium
| Vector | AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
pypdf versions prior to 6.12.1
Description
An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements.
Recommendations
Update to version 6.12.1.
Exploit
Fix
Allocation of Resources Without Limits
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pypdf