CVE-2026-33123
ADVISORY - githubSummary
Impact
An attacker who uses this vulnerability can craft a PDF which leads to long runtimes and/or large memory usage. This requires accessing an array-based stream with lots of entries.
Patches
This has been fixed in pypdf==6.9.1.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3686.
EPSS Score: 0.00349 (0.270)
Common Weakness Enumeration (CWE)
ADVISORY - github
ADVISORY - redhat
Allocation of Resources Without Limits or Throttling
NIST
CVSS SCORE
5.1mediumGitHub
CVSS SCORE
5.1mediumDebian
CREATED
UPDATED
ADVISORY IDCVE-2026-33123
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2026-33123
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
6.5mediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2026-33123
EXPLOITABILITY SCORE
2.8
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
4.3mediumChainguard
CREATED
UPDATED
ADVISORY ID
CGA-23v6-4x7h-5824
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-3rvm-v6j7-4gg8
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
minimos
CREATED
UPDATED
ADVISORY ID
MINI-8wcx-vfpq-5j84
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-