6.9
CVE-2026-54530
- EPSS 0.12%
- Veröffentlicht 22.06.2026 20:25:29
- Zuletzt bearbeitet 25.06.2026 16:47:28
- CVE-Watchlists
- Unerledigt
pypdf: Possible infinite loop when retrieving fonts for layout-mode text extraction
pypdf is a free and open-source pure-python PDF library. Prior to 6.13.0, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires extracting the text in layout mode. This vulnerability is fixed in 6.13.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pypdf Project ≫ Pypdf Version < 6.13.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.12% | 0.024 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-835 Loop with Unreachable Exit Condition ('Infinite Loop')
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-52x6-gq3r-vpf4
https://github.com/py-pdf/pypdf/pull/3830
https://github.com/py-pdf/pypdf/releases/tag/6.13.0