pypdf 6.7.5 vulnerabilities

Direct Vulnerabilities

Known vulnerabilities in the pypdf package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Inefficient Algorithmic Complexity pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the decoding process of array-based streams. An attacker can cause excessive resource consumption by crafting a PDF with a large number of entries in an array-based stream. How to fix Inefficient Algorithmic Complexity? Upgrade `pypdf` to version 6.9.1 or higher.	[,6.9.1)
M Allocation of Resources Without Limits or Throttling pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in `read_from_stream()`, when parsing PDF content streams. An attacker can consume excessive memory by providing a content stream with an excessive declared `/Length` value, even if the data length is not excessive. Note: The project maintainers note that "As far as we are aware, this mostly affects reading from buffers of unknown size, as returned by `open("file.pdf", mode="rb")` for example. Passing a file path or a `BytesIO` buffer to pypdf instead does not seem to trigger the vulnerability." How to fix Allocation of Resources Without Limits or Throttling? Upgrade `pypdf` to version 6.8.0 or higher.	[,6.8.0)

Vulnerability

Vulnerable Version

Inefficient Algorithmic Complexity

pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

Affected versions of this package are vulnerable to Inefficient Algorithmic Complexity in the decoding process of array-based streams. An attacker can cause excessive resource consumption by crafting a PDF with a large number of entries in an array-based stream.

How to fix Inefficient Algorithmic Complexity?

Upgrade pypdf to version 6.9.1 or higher.

[,6.9.1)

Allocation of Resources Without Limits or Throttling

pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in read_from_stream(), when parsing PDF content streams. An attacker can consume excessive memory by providing a content stream with an excessive declared /Length value, even if the data length is not excessive.

Note: The project maintainers note that "As far as we are aware, this mostly affects reading from buffers of unknown size, as returned by open("file.pdf", mode="rb") for example. Passing a file path or a BytesIO buffer to pypdf instead does not seem to trigger the vulnerability."

How to fix Allocation of Resources Without Limits or Throttling?

Upgrade pypdf to version 6.8.0 or higher.

[,6.8.0)

pypdf@6.7.5 vulnerabilities

A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

latest version

latest non vulnerable version

first published

latest version published

licenses detected

Direct Vulnerabilities

Fix vulnerabilities automatically