CVE-2026-27628

ADVISORY - github

Summary

Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file.

Patches

This has been fixed in pypdf==6.7.2.

Workarounds

If users cannot upgrade yet, consider applying the changes from PR #3655.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - github

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

ADVISORY - redhat

CWE-835⁠

Loop with Unreachable Exit Condition ('Infinite Loop')

Impacted images

Advisories

NIST

CREATED

1 day ago

UPDATED

13 hours ago

ADVISORY IDCVE-2026-27628⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-835⁠

CVSS SCORE

1.2low

GitHub

CREATED

14 hours ago

UPDATED

14 hours ago

ADVISORY IDGHSA-2rw7-x74f-jg35⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-835⁠

CVSS SCORE

1.2low

Debian

CREATED

18 hours ago

UPDATED

18 hours ago

ADVISORY IDCVE-2026-27628⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Ubuntu

CREATED

10 hours ago

UPDATED

9 hours ago

ADVISORY IDCVE-2026-27628⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Red Hat

CREATED

1 day ago

UPDATED

4 hours ago

ADVISORY IDCVE-2026-27628⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-835⁠

CVSS SCORE

7.5medium