Infinite Loop Vulnerability in pypdf Library by PyPDF Vendor
CVE-2026-54651

6.9 MEDIUM

Key Information:

Vendor: Py-PDF

Status
Vendor
CVE Published: 22 June 2026

What is CVE-2026-54651?

pypdf, a widely used open-source Python library for PDF manipulation, contains a vulnerability that can be exploited to trigger an infinite loop. The loop occurs when files containing threads or articles are merged into a writer, so processing certain PDF documents can leave the application unresponsive. The issue is fixed in version 6.13.1.

Affected Version(s)

pypdf < 6.13.1

CVSS V4

Score: 6.9
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
