CVE Vulnerabilities

CVE-2026-41168

Excessive Iteration

Published: Apr 22, 2026 | Modified: Apr 24, 2026
CVSS 3.x (Source: NVD): 5.3 MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
RedHat/V3: 6.5 MODERATE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu: MEDIUM

pypdf is a free and open-source pure-Python PDF library. In versions prior to 6.10.1, an attacker can craft a PDF that leads to long runtimes when it is processed. This requires cross-reference streams with wrong, large /Size values or object streams with wrong, large /N values. The issue is fixed in pypdf 6.10.1. As a workaround, the changes from the patch can be applied manually.
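A pre-parse triage check for the two conditions described above, as an added example (not pypdf code and not the upstream patch). The function name `suspicious_counts`, the sample bytes, and the default limit are assumptions: the heuristic treats a declared /Size or /N larger than the file's own byte length as implausible.

```python
import re

# One indirect object header: the text between "n g obj" and its
# "stream" or "endobj" keyword (stream dictionaries are never compressed).
_OBJ = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)(?:\bstream\b|\bendobj\b)", re.DOTALL)
# Stream /Type -> the count key the advisory names for that stream type.
_COUNT_KEYS = {b"XRef": b"Size", b"ObjStm": b"N"}


def suspicious_counts(data, limit=None):
    """Return [(object_number, key, value)] for declared counts above `limit`.

    Assumption (heuristic, tune per environment): a count larger than the
    file's byte length cannot describe real content, so that is the default.
    """
    limit = len(data) if limit is None else limit
    findings = []
    for m in _OBJ.finditer(data):
        header = m.group(3)
        for stream_type, key in _COUNT_KEYS.items():
            if not re.search(rb"/Type\s*/" + stream_type + rb"\b", header):
                continue
            count = re.search(rb"/" + key + rb"\s+(\d+)", header)
            if count and int(count.group(1)) > limit:
                findings.append((int(m.group(1)), key.decode(), int(count.group(1))))
    return findings


# Constructed sample: an object stream declaring two billion objects in a
# file of a few hundred bytes, next to a cross-reference stream with a sane /Size.
SAMPLE = (
    b"%PDF-1.5\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /ObjStm /N 2000000000 /First 16 /Length 20 >>\n"
    b"stream\n5 0 6 4 null null\nendstream\nendobj\n"
    b"7 0 obj\n<< /Type /XRef /Size 8 /W [1 2 1] /Length 32 >>\n"
    b"stream\n" + b"\x00" * 32 + b"\nendstream\nendobj\n"
    b"startxref\n0\n%%EOF\n"
)

if __name__ == "__main__":
    for obj_num, key, value in suspicious_counts(SAMPLE):
        print(f"object {obj_num}: /{key} {value} exceeds file size {len(SAMPLE)}")
```

Files that trip this check can be quarantined or parsed under a time limit; the check is a screening aid for services that cannot upgrade immediately, and upgrading to 6.10.1 remains the fix.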

Weakness

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

Affected Software

Name | Vendor | Start Version | End Version
Pypdf | Pypdf_project | * | 6.10.1 (excluding)
Pypdf2 | Ubuntu | esm-apps/xenial | *

References