CNNVD-202510-2796 Information
CNNVD ID
CNNVD-202510-2796
Related CVE
- CNNVD Published: 2025-10-22
Description (Chinese)
pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.1.3之前版本存在安全漏洞,该漏洞源于解析使用LZWDecode过滤器的页面内容流时内存使用不当,可能导致内存消耗过大。
Description (English)
Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. There was a security loophole in the previous version of pypdf 6.1.3, which resulted from the improper use of memory in the resolution of the page flow using the LZWDecode filter, which could lead to excessive memory consumption.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
py-pdf
Published
2025-10-22
Last Modified
2026-02-24
References
https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da https://github.com/py-pdf/pypdf/pull/3502 https://github.com/py-pdf/pypdf/releases/tag/6.1.3 https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j https://access.redhat.com/security/cve/cve-2025-62708
Patch
https://github.com/py-pdf/pypdf/releases
Share on: