pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3.
Advisories
No advisories yet.
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Wed, 01 Jul 2026 15:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Wed, 01 Jul 2026 04:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Py-pdf
Py-pdf pypdf |
|
| Vendors & Products |
Py-pdf
Py-pdf pypdf |
Tue, 30 Jun 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3. | |
| Title | pypdf: Missing stream length values ignore defined limits | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV4_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-07-01T14:29:01.785Z
Reserved: 2026-06-24T02:00:46.801Z
Link: CVE-2026-57204
Updated: 2026-07-01T13:57:20.042Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-01T03:45:03Z
Weaknesses