6.9
CVE-2026-59938
- EPSS 0.3%
- Veröffentlicht 08.07.2026 17:24:29
- Zuletzt bearbeitet 09.07.2026 20:41:11
- CVE-Watchlists
- Unerledigt
pypdf: Possible large memory usage for wrong image dimensions
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Pypdf Project ≫ Pypdf Version < 6.14.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
| security-advisories@github.com | 6.9 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
CWE-789 Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
https://github.com/py-pdf/pypdf/releases/tag/6.14.0
https://github.com/py-pdf/pypdf/security/advisories/GHSA-5qjq-93h5-hrgp
https://github.com/py-pdf/pypdf/pull/3888
https://github.com/py-pdf/pypdf/commit/c64583be16b8e8763d8777075f8ecbf382014b7a