๐Ÿ” CVE Alert

CVE-2026-59938

UNKNOWN 0.0

pypdf: Possible large memory usage for wrong image dimensions

CVSS Score
0.0
EPSS Score
0.3%
EPSS Percentile
25th

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0.

CWE CWE-789
Vendor py-pdf
Product pypdf
Published Jul 8, 2026
Last Updated Jul 9, 2026
Stay Ahead of the Next One

Get instant alerts for py-pdf pypdf

Be the first to know when new unknown vulnerabilities affecting py-pdf pypdf are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

py-pdf / pypdf
< 6.14.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
github.com: https://github.com/py-pdf/pypdf/security/advisories/GHSA-5qjq-93h5-hrgp github.com: https://github.com/py-pdf/pypdf/pull/3888 github.com: https://github.com/py-pdf/pypdf/commit/c64583be16b8e8763d8777075f8ecbf382014b7a github.com: https://github.com/py-pdf/pypdf/releases/tag/6.14.0