CNNVD-202601-1741 Information

CNNVD ID

CNNVD-202601-1741

Related CVE

CVE-2026-22691

• CNNVD Published: 2026-01-10

Description (Chinese)

pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.6.0之前版本存在安全漏洞，该漏洞源于处理格式错误的startxref条目时可能产生长运行时间，可能导致拒绝服务。

Description (English)

Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. There was a security loophole in the previous version of pypdf 6.6.0, which stemmed from the possibility of long running hours when processing an item in the wrong format, which could lead to the denial of services.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

py-pdf

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45 https://github.com/py-pdf/pypdf/pull/3594 https://github.com/py-pdf/pypdf/releases/tag/6.6.0 https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv

Patch

https://github.com/py-pdf/pypdf/releases