CNNVD-202511-2816 Information

CNNVD ID

CNNVD-202511-2816

Related CVE

CVE-2025-66019

• CNNVD Published: 2025-11-26

Description (Chinese)

pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.4.0之前版本存在安全漏洞，该漏洞源于LZWDecode过滤器解析PDF内容流时可能导致内存使用过高。

Description (English)

Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. There was a security loophole in the previous version of pypdf 6.4.0, which stemmed from the fact that the LZWDecode filter could lead to overuse of memory in the analysis of PDF content streams.

Hazard Level

Medium

Vulnerability Type

其他

Affected Vendor

py-pdf

Published

2025-11-26

Last Modified

2026-02-24

References

https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2 https://github.com/py-pdf/pypdf/releases/tag/6.4.0 https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7

Patch

https://github.com/py-pdf/pypdf/releases