CNNVD-202601-1742 Information

CNNVD ID

CNNVD-202601-1742

Related CVE

CVE-2026-22690

• CNNVD Published: 2026-01-10

Description (Chinese)

pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.6.0之前版本存在资源管理错误漏洞，该漏洞源于处理缺失Root对象和大Size值的PDF时可能产生长运行时间，可能导致拒绝服务。

Description (English)

Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. The previous version of pypdf 6.6.0 had a resource management error gap, which stemmed from the possibility of long running time when processing PDFs with missing Root objects and large Size values, which could lead to the denial of services.

Hazard Level

High

Vulnerability Type

资源管理错误

Affected Vendor

py-pdf

Published

2026-01-10

Last Modified

2026-02-24

References

https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45 https://github.com/py-pdf/pypdf/pull/3594 https://github.com/py-pdf/pypdf/releases/tag/6.6.0 https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg

Patch

https://github.com/py-pdf/pypdf/releases