PT-2026-44399 · Pypi · Pypdf

Manop55555

·

Published

2026-05-28

·

Updated

2026-06-16

·

CVE-2026-48735

CVSS v4.0

6.9

Medium

VectorAV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions pypdf versions prior to 6.12.1
Description An attacker can craft a PDF file that causes excessive memory consumption during the parsing of large XMP metadata, which may contain numerous unnecessary elements.
Recommendations Update to version 6.12.1.

Exploit

Fix

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-48735
GHSA-WJQC-6W8F-H24C
OPENSUSE-SU-2026:10974-1

Affected Products

Pypdf