CVE Vulnerabilities

CVE-2026-41313

Excessive Iteration

Published: Apr 22, 2026 | Modified: Apr 27, 2026
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
5.5 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer /Size value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.

Weakness

The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.

Affected Software

NameVendorStart VersionEnd Version
PypdfPypdf_project*6.10.2 (excluding)
Pypdf2Ubuntuesm-apps/xenial*

References