Back to overview

CVE-2026-59935

HIGH
8.7
CVSS 4.0
Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issue is fixed in version 6.14.2.

Metadata

CVE ID
CVE-2026-59935
State
PUBLISHED
Assigner
GitHub_M
Reserved
2026-07-07 18:20 UTC
Published
2026-07-08 19:34 UTC
Last updated
2026-07-09 13:36 UTC
Primary CWE
CWE-835
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loo…
Vendor / Product
py-pdf / pypdf
Sources
cve.org  ·  NVD

Severity & Metrics

8.7 HIGH CVSS 4.0
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
py-pdf pypdf < 6.14.2
Weakness (CWE)
CWESourceDescription
CWE-835 cna CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVSS scores (1)
ScoreSeverityVersionSourceVector
8.7 HIGH 4.0 cna CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
References (4)
Back to overview