8.7
CVE-2026-59936
- EPSS 0.35%
- Veröffentlicht 08.07.2026 19:34:22
- Zuletzt bearbeitet 09.07.2026 20:41:41
- CVE-Watchlists
- Unerledigt
pypdf: Possible infinite loop for not terminated inline images
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pypdf Project ≫ Pypdf Version < 6.14.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.35% | 0.265 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| security-advisories@github.com | 8.7 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource.
https://github.com/py-pdf/pypdf/security/advisories/GHSA-5xf7-4p34-54qr
https://github.com/py-pdf/pypdf/pull/3891
https://github.com/py-pdf/pypdf/commit/ec3b14596186c40caca7cf8ab9b2155203e01b5b
https://github.com/py-pdf/pypdf/releases/tag/6.14.1