CNNVD-202601-4455 Information
CNNVD ID
CNNVD-202601-4455
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
pypdf是py-pdf开源的一个免费开源的纯 python PDF 库。能够拆分、合并、裁剪和转换 PDF 文件的页面。 pypdf 6.6.2之前版本存在安全漏洞,该漏洞源于存在无限循环,可能导致处理特制PDF时消耗资源。
Description (English)
Pypdf is a free, open python PDF library. to split, merge, crop and convert pages of PDF files. There was a security loophole in the previous version of pypdf 6.6.2, which stemmed from the existence of an unlimited cycle, which could result in the consumption of resources when dealing with customized PDFs.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
py-pdf
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1 https://github.com/py-pdf/pypdf/pull/3610 https://github.com/py-pdf/pypdf/releases/tag/6.6.2 https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73
Patch
https://github.com/py-pdf/pypdf/releases
Share on: