๐Ÿ” CVE Alert

CVE-2026-59935

UNKNOWN 0.0

pypdf: Possible infinite loop for not terminated inline images (ASCII85 and ASCIIHex filter)

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
25th

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.2, an attacker can craft a PDF with a page content stream containing a not terminated inline image that uses the ASCII85 or ASCIIHex filters, causing an infinite loop during parsing such as when extracting page text. This issue is fixed in version 6.14.2.

CWE CWE-835
Vendor py-pdf
Product pypdf
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for py-pdf pypdf

Be the first to know when new unknown vulnerabilities affecting py-pdf pypdf are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

py-pdf / pypdf
< 6.14.2

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/py-pdf/pypdf/security/advisories/GHSA-g867-7843-wf8q github.com: https://github.com/py-pdf/pypdf/pull/3892 github.com: https://github.com/py-pdf/pypdf/commit/5a33a46416aa1ae6c025ff90a3cca57631fdafd2 github.com: https://github.com/py-pdf/pypdf/releases/tag/6.14.2