CNNVD-202508-1474 Information
CNNVD ID
CNNVD-202508-1474
Related CVE
- CNNVD Published: 2025-08-13
Description (Chinese)
pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.0.0之前版本存在安全漏洞,该漏洞源于恶意PDF可能导致RAM耗尽,影响内容流访问。
Description (English)
Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. There was a security loophole in the previous version of pypdf 6.0.0, which stemmed from malicious PDFs that could lead to RAM depletion and affect content stream access.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
py-pdf
Published
2025-08-13
Last Modified
2026-02-24
References
https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143 https://github.com/py-pdf/pypdf/issues/3429 https://github.com/py-pdf/pypdf/pull/3430 https://github.com/py-pdf/pypdf/releases/tag/6.0.0 https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m
Patch
https://github.com/py-pdf/pypdf/releases
Share on: