CVE-2026-48156

ADVISORY - github

Summary

Impact

An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with /W [0 0 0] values and large /Size values.

Patches

This has been fixed in pypdf==6.12.0.

Workarounds

If developers are unable to upgrade their apps immediately, they should consider applying the changes from PR #3791.

EPSS Score: 0.00124 (0.025)

Common Weakness Enumeration (CWE)

ADVISORY - nist

Excessive Iteration

ADVISORY - github

Excessive Iteration


Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.

Sign in