Memory Usage Issue in pypdf Library by PyPDF
CVE-2026-59938

6.9MEDIUM

Key Information:

Vendor

Py-PDF

Status
Vendor
CVE Published:
8 July 2026

What is CVE-2026-59938?

The pypdf library, a widely used open-source pure-Python PDF manipulation tool, is subject to a vulnerability where an attacker can create a malicious PDF file with image size values that far exceed the actual data size. This misrepresentation can lead to excessive memory consumption during the image parsing process. It is crucial for users to upgrade to version 6.14.0 or later to mitigate this issue and ensure optimal performance and security.

Affected Version(s)

pypdf < 6.14.0

References

CVSS V4

Score:
6.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.