PT-2026-4845 · Pypi+1 · Pypdf+1

Joakimbulow · Published 2026-01-01 · Updated 2026-06-04 · CVE-2026-24688

CVSS v4.0

5.1 Medium

Vector

AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

pypdf versions prior to 6.6.2

Description

A flaw in the pypdf library allows an attacker to trigger an infinite loop with a PDF file whose outline contains cyclic references. The loop is reached only when the application accesses the outlines (bookmarks) of the PDF.

Recommendations

Upgrade to pypdf version 6.6.2 or later. If upgrading is not immediately possible, apply the changes from Pull Request #3610.
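
The failure mode described above, shown as an added example that is not pypdf's code and not the change from Pull Request #3610: an outline walk that follows `/First` and `/Next` references and refuses to visit the same item twice. The object-id dictionaries, `walk_outline`, `CyclicOutlineError` and `max_items` are constructed for illustration.

```python
# Added example: a constructed in-memory model of PDF outline items.
# Each object id maps to a dict with optional "/First" (first child) and
# "/Next" (next sibling) references, the keys used by the PDF outline tree.


class CyclicOutlineError(ValueError):
    """An outline reference leads back to an item that was already visited."""


def walk_outline(objects, root_id, max_items=10_000):
    """Return (depth, title) pairs in document order, rejecting cycles."""
    titles = []
    visited = set()
    first = objects[root_id].get("/First")
    # Explicit stack instead of recursion, so deep nesting cannot exhaust
    # the interpreter stack either.
    stack = [(first, 0)] if first is not None else []
    while stack:
        obj_id, depth = stack.pop()
        if obj_id in visited:
            raise CyclicOutlineError(f"outline item {obj_id} referenced twice")
        visited.add(obj_id)
        if len(visited) > max_items:
            raise CyclicOutlineError("outline exceeds max_items")
        item = objects.get(obj_id)
        if item is None:  # dangling reference: nothing to follow
            continue
        titles.append((depth, item.get("/Title", "")))
        # Push the sibling before the child so the child is popped first.
        if item.get("/Next") is not None:
            stack.append((item["/Next"], depth))
        if item.get("/First") is not None:
            stack.append((item["/First"], depth + 1))
    return titles


# Constructed sample data (hypothetical object ids).
WELL_FORMED = {
    1: {"/First": 2},
    2: {"/Title": "Intro", "/Next": 3},
    3: {"/Title": "Body", "/First": 4},
    4: {"/Title": "Details"},
}
# Item 3 names item 2 as its next sibling, closing a loop.
CYCLIC = {
    1: {"/First": 2},
    2: {"/Title": "A", "/Next": 3},
    3: {"/Title": "B", "/Next": 2},
}
```

Without the `visited` set, the walk over `CYCLIC` would alternate between items 2 and 3 indefinitely, which is the denial-of-service condition the advisory describes.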

Exploit

Fix

DoS

Infinite Loop


Weakness Enumeration

Related Identifiers

BDU:2026-03618
CVE-2026-24688
GHSA-2Q4J-M29V-HQ73
OPENSUSE-SU-2026:10116-1

Affected Products

Red Os
Pypdf