Denial of Service Vulnerability in pypdf Library
CVE-2026-59937

6.9MEDIUM

Key Information:

Vendor

Py-PDF

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59937?

The pypdf library, a free and open-source PDF processing tool, is susceptible to a denial of service attack due to a flaw that allows attackers to craft specially formatted PDFs with repeated malformed cross-reference streams. These crafted PDFs can cause the library to spend excessive processing time recovering from broken cross-reference entries, leading to performance degradation. This vulnerability was addressed in version 6.14.0 of the library, which is recommended for all users to ensure secure PDF handling.

Affected Version(s)

pypdf < 6.14.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.