Denial of Service Vulnerability in pypdf Library
CVE-2026-59937
6.9MEDIUM
What is CVE-2026-59937?
The pypdf library, a free and open-source PDF processing tool, is susceptible to a denial of service attack due to a flaw that allows attackers to craft specially formatted PDFs with repeated malformed cross-reference streams. These crafted PDFs can cause the library to spend excessive processing time recovering from broken cross-reference entries, leading to performance degradation. This vulnerability was addressed in version 6.14.0 of the library, which is recommended for all users to ensure secure PDF handling.
Affected Version(s)
pypdf < 6.14.0
