CVE-2026-48156
ADVISORY - githubSummary
Impact
An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values.
Patches
This has been fixed in pypdf==6.12.0.
Workarounds
If developers are unable to upgrade their apps immediately, they should consider applying the changes from PR #3791.
EPSS Score: 0.00124 (0.025)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Excessive Iteration
ADVISORY - github
Excessive Iteration
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in