CVE-2026-48155

Published: Mag 28, 2026 Last Modified: Mag 28, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 4,8

Source: [email protected]

Attack Vector: local

Attack Complexity: low

Privileges Required: none

User Interaction: passive

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

pypdf is a free and open-source pure-python PDF library. Prior to 6.12.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets. This vulnerability is fixed in 6.12.0.

400

Uncontrolled Resource Consumption

Draft

Abstraction: Class Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Access Control Other

Potential Impacts:

Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Resource Consumption (Other) Bypass Protection Mechanism Other

Applicable Platforms

Technologies: Not Technology-Specific, AI/ML

Likelihood of Exploit: High

View CWE Details

https://github.com/py-pdf/pypdf/pull/3790

https://github.com/py-pdf/pypdf/releases/tag/6.12.0

https://github.com/py-pdf/pypdf/security/advisories/GHSA-cj…

https://github.com/py-pdf/pypdf/security/advisories/GHSA-cj93-chg6-vgv8

CVE-2026-48155

Description

Uncontrolled Resource Consumption

Common Consequences

Applicable Platforms

Iscriviti alla newsletter