Vulnerability	Vulnerable Version
M Regular Expression Denial of Service (ReDoS) pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the `_flatten()` function. An attacker can cause excessive processing times by providing a crafted PDF with invalid `startxref` entries containing numerous whitespace characters. This is only exploitable if non-strict reading mode is enabled. How to fix Regular Expression Denial of Service (ReDoS)? Upgrade `pypdf` to version 6.6.0 or higher.	[,6.6.0)
M Unchecked Input for Loop Condition pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the processing of PDF files when the `/Root` entry is omitted from the trailer and a large `/Size` value is used. An attacker can cause excessive resource consumption and significantly increase processing time by submitting a malicious PDF file. This is only exploitable if non-strict reading mode is enabled. How to fix Unchecked Input for Loop Condition? Upgrade `pypdf` to version 6.6.0 or higher.	[,6.6.0)

Regular Expression Denial of Service (ReDoS)

pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) in the _flatten() function. An attacker can cause excessive processing times by providing a crafted PDF with invalid startxref entries containing numerous whitespace characters. This is only exploitable if non-strict reading mode is enabled.

How to fix Regular Expression Denial of Service (ReDoS)?

Upgrade pypdf to version 6.6.0 or higher.

[,6.6.0)

Unchecked Input for Loop Condition

pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

Affected versions of this package are vulnerable to Unchecked Input for Loop Condition in the processing of PDF files when the /Root entry is omitted from the trailer and a large /Size value is used. An attacker can cause excessive resource consumption and significantly increase processing time by submitting a malicious PDF file. This is only exploitable if non-strict reading mode is enabled.

How to fix Unchecked Input for Loop Condition?

Upgrade pypdf to version 6.6.0 or higher.

[,6.6.0)

Go back to all versions of this package