{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","type":"deb","namespace":"debian","name":"pypdf","version":"3.4.1-1+deb12u1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.17.4-1","latest_non_vulnerable_version":"6.9.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50484?format=json","vulnerability_id":"VCID-1msk-7rj1-juhr","summary":"pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams\nAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the `/ASCIIHexDecode` filter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28804.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28804.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28804","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04144","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04165","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04151","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04125","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28804"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28804","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28804"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3666","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3666"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.5","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.5"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130045","reference_id":"1130045","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130045"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445118","reference_id":"2445118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2445118"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28804","reference_id":"CVE-2026-28804","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28804"},{"reference_url":"https://github.com/advisories/GHSA-9m86-7pmv-2852","reference_id":"GHSA-9m86-7pmv-2852","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9m86-7pmv-2852"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852","reference_id":"GHSA-9m86-7pmv-2852","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:59:59Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-28804","GHSA-9m86-7pmv-2852"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1msk-7rj1-juhr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50207?format=json","vulnerability_id":"VCID-3etm-mqd2-p7bs","summary":"pypdf has a possible infinite loop when processing TreeObject\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a `TreeObject`, for example as part of outlines.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27024.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27024","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00331","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00338","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0034","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00333","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27024"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27024"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/bd2f6d052fe5941e85e37082c2a43453d48d1295"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3645","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3645"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.1","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128654","reference_id":"1128654","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128654"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441490","reference_id":"2441490","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441490"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27024","reference_id":"CVE-2026-27024","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27024"},{"reference_url":"https://github.com/advisories/GHSA-996q-pr4m-cvgq","reference_id":"GHSA-996q-pr4m-cvgq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-996q-pr4m-cvgq"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq","reference_id":"GHSA-996q-pr4m-cvgq","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:34:14Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-996q-pr4m-cvgq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-27024","GHSA-996q-pr4m-cvgq"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3etm-mqd2-p7bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50235?format=json","vulnerability_id":"VCID-3fez-gvgc-qudh","summary":"pypdf possibly has long runtimes for malformed FlateDecode streams\nAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed `/FlateDecode` stream, where the byte-by-byte decompression is used.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27026.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27026.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27026","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00331","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00338","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0034","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00333","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27026"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27026","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27026"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/7905842d833f899f1d3228af7e7467ad80277016"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3644","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3644"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.1","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128690","reference_id":"1128690","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128690"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441495","reference_id":"2441495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441495"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27026","reference_id":"CVE-2026-27026","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27026"},{"reference_url":"https://github.com/advisories/GHSA-9mvc-8737-8j8h","reference_id":"GHSA-9mvc-8737-8j8h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9mvc-8737-8j8h"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h","reference_id":"GHSA-9mvc-8737-8j8h","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:46:44Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-9mvc-8737-8j8h"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-27026","GHSA-9mvc-8737-8j8h"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3fez-gvgc-qudh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64767?format=json","vulnerability_id":"VCID-cwwe-jgyp-akh2","summary":"pypdf: pypdf: Denial of Service due to excessive resource consumption from crafted PDF","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33123.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33123.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33123","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02576","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02673","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.0268","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02625","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02609","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33123"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3686","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:03:57Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3686"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.9.1","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:03:57Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.9.1"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T16:03:57Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33123","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33123"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131479","reference_id":"1131479","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131479"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449585","reference_id":"2449585","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2449585"},{"reference_url":"https://github.com/advisories/GHSA-qpxp-75px-xjcp","reference_id":"GHSA-qpxp-75px-xjcp","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qpxp-75px-xjcp"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33123","GHSA-qpxp-75px-xjcp"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cwwe-jgyp-akh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57832?format=json","vulnerability_id":"VCID-dfdn-a7u1-qbcd","summary":"PyPDF's Manipulated FlateDecode streams can exhaust RAM\nAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires just reading the file if a series of FlateDecode filters is used on a malicious cross-reference stream. Other content streams are affected on explicit access.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55197.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-55197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55197","reference_id":"","reference_type":"","scores":[{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37263","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37198","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37237","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37269","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00597","scoring_system":"epss","scoring_elements":"0.69812","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-55197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-55197"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:41:25Z/"}],"url":"https://github.com/py-pdf/pypdf/blob/0dd57738bbdcdb63f0fb43d8a6b3d222b6946595/pypdf/filters.py#L72-L143"},{"reference_url":"https://github.com/py-pdf/pypdf/issues/3429","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:41:25Z/"}],"url":"https://github.com/py-pdf/pypdf/issues/3429"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3430","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:41:25Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3430"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.0.0","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:41:25Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.0.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111139","reference_id":"1111139","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1111139"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388450","reference_id":"2388450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2388450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55197","reference_id":"CVE-2025-55197","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-55197"},{"reference_url":"https://github.com/advisories/GHSA-7hfw-26vp-jp8m","reference_id":"GHSA-7hfw-26vp-jp8m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7hfw-26vp-jp8m"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m","reference_id":"GHSA-7hfw-26vp-jp8m","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-14T13:41:25Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-7hfw-26vp-jp8m"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-55197","GHSA-7hfw-26vp-jp8m"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dfdn-a7u1-qbcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49834?format=json","vulnerability_id":"VCID-e629-n81d-3uhz","summary":"pypdf has possible Infinite Loop when processing outlines/bookmarks\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the outlines/bookmarks.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24688.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-24688.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24688","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02879","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02978","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02986","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02931","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02914","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-24688"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24688","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-24688"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/b1282f8dcdc1a7b41ceab6740ffddfdf31b1fec1"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3610","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3610"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.2","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.2"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126575","reference_id":"1126575","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1126575"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433492","reference_id":"2433492","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2433492"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24688","reference_id":"CVE-2026-24688","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-24688"},{"reference_url":"https://github.com/advisories/GHSA-2q4j-m29v-hq73","reference_id":"GHSA-2q4j-m29v-hq73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2q4j-m29v-hq73"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73","reference_id":"GHSA-2q4j-m29v-hq73","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"5.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-27T20:35:51Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2q4j-m29v-hq73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-24688","GHSA-2q4j-m29v-hq73"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e629-n81d-3uhz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49653?format=json","vulnerability_id":"VCID-f655-nwpc-xqec","summary":"pypdf has possible long runtimes for missing /Root object with large /Size values\nAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the `/Root` entry in the trailer, while using a rather large `/Size` value. Only the non-strict reading mode is affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22690.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22690.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22690","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04155","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04459","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06674","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06666","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06679","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22690"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22690","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22690"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3594","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3594"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187","reference_id":"1125187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428428","reference_id":"2428428","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428428"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22690","reference_id":"CVE-2026-22690","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22690"},{"reference_url":"https://github.com/advisories/GHSA-4xc4-762w-m6cg","reference_id":"GHSA-4xc4-762w-m6cg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4xc4-762w-m6cg"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg","reference_id":"GHSA-4xc4-762w-m6cg","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T17:06:53Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22690","GHSA-4xc4-762w-m6cg"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f655-nwpc-xqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50184?format=json","vulnerability_id":"VCID-kxq6-ma4b-5uex","summary":"pypdf has possible long runtimes/large memory usage for large /ToUnicode streams\nAn attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the `/ToUnicode` entry of a font with unusually large values, for example during text extraction.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27025.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27025.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27025","reference_id":"","reference_type":"","scores":[{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00331","published_at":"2026-06-09T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00338","published_at":"2026-06-05T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.0034","published_at":"2026-06-06T12:55:00Z"},{"value":"6e-05","scoring_system":"epss","scoring_elements":"0.00333","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27025"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27025"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3646","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3646"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.1","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128656","reference_id":"1128656","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1128656"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441494","reference_id":"2441494","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2441494"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27025","reference_id":"CVE-2026-27025","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27025"},{"reference_url":"https://github.com/advisories/GHSA-wgvp-vg3v-2xq3","reference_id":"GHSA-wgvp-vg3v-2xq3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wgvp-vg3v-2xq3"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3","reference_id":"GHSA-wgvp-vg3v-2xq3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-24T18:39:43Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-27025","GHSA-wgvp-vg3v-2xq3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxq6-ma4b-5uex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50864?format=json","vulnerability_id":"VCID-magf-2udv-4ke9","summary":"pypdf: manipulated stream length values can exhaust RAM\nAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large `/Length` value, regardless of the actual data length inside the stream.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31826.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-31826.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31826","reference_id":"","reference_type":"","scores":[{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00272","published_at":"2026-06-09T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00275","published_at":"2026-06-05T12:55:00Z"},{"value":"5e-05","scoring_system":"epss","scoring_elements":"0.00276","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-31826"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31826","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-31826"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/3c550b3196adeba1506a26e57c09c09fac75e9aa","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/commit/3c550b3196adeba1506a26e57c09c09fac75e9aa"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3675","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:55Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3675"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.8.0","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:55Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.8.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130642","reference_id":"1130642","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130642"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446336","reference_id":"2446336","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2446336"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31826","reference_id":"CVE-2026-31826","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-31826"},{"reference_url":"https://github.com/advisories/GHSA-hqmh-ppp3-xvm7","reference_id":"GHSA-hqmh-ppp3-xvm7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-hqmh-ppp3-xvm7"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7","reference_id":"GHSA-hqmh-ppp3-xvm7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.8","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:51:55Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-hqmh-ppp3-xvm7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-31826","GHSA-hqmh-ppp3-xvm7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-magf-2udv-4ke9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49642?format=json","vulnerability_id":"VCID-nrcb-psnz-37fz","summary":"pypdf has possible long runtimes for malformed startxref\nAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid `startxref` entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22691.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-22691.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22691","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04155","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04459","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06666","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06674","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06679","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-22691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22691"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3594","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3594"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0","reference_id":"","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187","reference_id":"1125187","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1125187"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428427","reference_id":"2428427","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2428427"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22691","reference_id":"CVE-2026-22691","reference_type":"","scores":[{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22691"},{"reference_url":"https://github.com/advisories/GHSA-4f6g-68pf-7vhv","reference_id":"GHSA-4f6g-68pf-7vhv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4f6g-68pf-7vhv"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv","reference_id":"GHSA-4f6g-68pf-7vhv","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"2.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-01-12T16:48:45Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-22691","GHSA-4f6g-68pf-7vhv"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrcb-psnz-37fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50453?format=json","vulnerability_id":"VCID-u64g-bx3a-gydh","summary":"pypdf: Manipulated RunLengthDecode streams can exhaust RAM\nAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28351.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-28351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28351","reference_id":"","reference_type":"","scores":[{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05302","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05365","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05346","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00019","scoring_system":"epss","scoring_elements":"0.05341","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-28351"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28351","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-28351"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/f309c6003746414dc7b5048c19e6d879ff2dc858"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3664","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3664"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.4","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.4"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130043","reference_id":"1130043","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130043"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443450","reference_id":"2443450","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2443450"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28351","reference_id":"CVE-2026-28351","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-28351"},{"reference_url":"https://github.com/advisories/GHSA-f2v5-7jq9-h8cg","reference_id":"GHSA-f2v5-7jq9-h8cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f2v5-7jq9-h8cg"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg","reference_id":"GHSA-f2v5-7jq9-h8cg","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-03T20:28:37Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-f2v5-7jq9-h8cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-28351","GHSA-f2v5-7jq9-h8cg"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u64g-bx3a-gydh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64192?format=json","vulnerability_id":"VCID-u88n-1ykm-w7cs","summary":"pypdf: pypdf: Denial of Service via crafted PDF in non-strict mode","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-33699.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33699","reference_id":"","reference_type":"","scores":[{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04817","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04848","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04837","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04827","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00018","scoring_system":"epss","scoring_elements":"0.04788","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-33699"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33699","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-33699"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3693","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3693"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.9.2","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.9.2"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-27T13:27:07Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-87mj-5ggw-8qc3"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33699","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-33699"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452062","reference_id":"2452062","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2452062"},{"reference_url":"https://github.com/advisories/GHSA-87mj-5ggw-8qc3","reference_id":"GHSA-87mj-5ggw-8qc3","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-87mj-5ggw-8qc3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-33699","GHSA-87mj-5ggw-8qc3"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u88n-1ykm-w7cs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50412?format=json","vulnerability_id":"VCID-w28s-3v5z-tkcq","summary":"pypdf: Manipulated FlateDecode XFA streams can exhaust RAM\nAn attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing the `xfa` property of a reader or writer and the corresponding stream being compressed using `/FlateDecode`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27888.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27888.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27888","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17378","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17481","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17477","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1744","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1736","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27888"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27888","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27888"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/commit/7a4c8246ed48d9d328fb596942271da47b6d109c"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3658","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/pull/3658"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.7.3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129096","reference_id":"1129096","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1129096"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442899","reference_id":"2442899","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442899"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27888","reference_id":"CVE-2026-27888","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27888"},{"reference_url":"https://github.com/advisories/GHSA-x7hp-r3qg-r3cj","reference_id":"GHSA-x7hp-r3qg-r3cj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-x7hp-r3qg-r3cj"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj","reference_id":"GHSA-x7hp-r3qg-r3cj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-x7hp-r3qg-r3cj"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-27888","GHSA-x7hp-r3qg-r3cj"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w28s-3v5z-tkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50382?format=json","vulnerability_id":"VCID-wqjw-x4vu-f3bu","summary":"pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27628.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-27628.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27628","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17587","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17687","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17681","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17649","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1757","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-27628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-27628"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T15:58:27Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/f0a462d36971cf077d74492a348d0d06fd60ea4d"},{"reference_url":"https://github.com/py-pdf/pypdf/issues/3654","reference_id":"","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T15:58:27Z/"}],"url":"https://github.com/py-pdf/pypdf/issues/3654"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130042","reference_id":"1130042","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130042"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442543","reference_id":"2442543","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442543"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27628","reference_id":"CVE-2026-27628","reference_type":"","scores":[{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-27628"},{"reference_url":"https://github.com/advisories/GHSA-2rw7-x74f-jg35","reference_id":"GHSA-2rw7-x74f-jg35","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-2rw7-x74f-jg35"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35","reference_id":"GHSA-2rw7-x74f-jg35","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"1.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U"},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T15:58:27Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:10184","reference_id":"RHSA-2026:10184","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:10184"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4942","reference_id":"RHSA-2026:4942","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4942"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5168","reference_id":"RHSA-2026:5168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:5665","reference_id":"RHSA-2026:5665","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:5665"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6497","reference_id":"RHSA-2026:6497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6567","reference_id":"RHSA-2026:6567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6567"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:6568","reference_id":"RHSA-2026:6568","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:6568"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2026-27628","GHSA-2rw7-x74f-jg35"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wqjw-x4vu-f3bu"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48111?format=json","vulnerability_id":"VCID-2zaf-wm57-pbeh","summary":"pypdf can exhaust RAM via manipulated LZWDecode streams\nAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62708.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62708","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23467","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23462","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62708"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3502","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3502"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118756","reference_id":"1118756","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118756"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405945","reference_id":"2405945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405945"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62708","reference_id":"CVE-2025-62708","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62708"},{"reference_url":"https://github.com/advisories/GHSA-jfx9-29x2-rv3j","reference_id":"GHSA-jfx9-29x2-rv3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfx9-29x2-rv3j"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j","reference_id":"GHSA-jfx9-29x2-rv3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-62708","GHSA-jfx9-29x2-rv3j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zaf-wm57-pbeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48438?format=json","vulnerability_id":"VCID-ca65-pmr4-sugf","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66019.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66019","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2292","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23029","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23014","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2297","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22915","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66019"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:12:41Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.4.0","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:12:41Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.4.0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417171","reference_id":"2417171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417171"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66019","reference_id":"CVE-2025-66019","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66019"},{"reference_url":"https://aydinnyunus.github.io/2025/12/20/cve-2025-66019-pypdf-lzw-dos","reference_id":"CVE-2025-66019-PYPDF-LZW-DOS","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://aydinnyunus.github.io/2025/12/20/cve-2025-66019-pypdf-lzw-dos"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j","reference_id":"GHSA-jfx9-29x2-rv3j","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j"},{"reference_url":"https://github.com/advisories/GHSA-m449-cwjh-6pw7","reference_id":"GHSA-m449-cwjh-6pw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m449-cwjh-6pw7"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7","reference_id":"GHSA-m449-cwjh-6pw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:12:41Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124583?format=json","purl":"pkg:deb/debian/pypdf@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-2zaf-wm57-pbeh"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-k9v3-68pb-7ffe"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66019","GHSA-m449-cwjh-6pw7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca65-pmr4-sugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46317?format=json","vulnerability_id":"VCID-cjzq-42gr-37ds","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\npypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46250","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25321","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25272","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25263","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2537","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25386","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46250"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:52:16Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/2264","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:52:16Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/2264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46250","reference_id":"CVE-2023-46250","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46250"},{"reference_url":"https://github.com/advisories/GHSA-wjcc-cq79-p63f","reference_id":"GHSA-wjcc-cq79-p63f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjcc-cq79-p63f"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f","reference_id":"GHSA-wjcc-cq79-p63f","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:52:16Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124583?format=json","purl":"pkg:deb/debian/pypdf@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-2zaf-wm57-pbeh"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-k9v3-68pb-7ffe"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46250","GHSA-wjcc-cq79-p63f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjzq-42gr-37ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45502?format=json","vulnerability_id":"VCID-dgdy-vgp3-yfck","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\npypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b\"\\r\", b\"\\n\")` in `pypdf/generic/_data_structures.py` to `while peek not in (b\"\\r\", b\"\\n\", b\"\")`.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36464.json","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-36464.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36464","reference_id":"","reference_type":"","scores":[{"value":"0.00025","scoring_system":"epss","scoring_elements":"0.07412","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26199","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26154","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26207","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00094","scoring_system":"epss","scoring_elements":"0.26098","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-36464"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/commit/b0e5c689df689ab173df84dacd77b6fc3c161932"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/1828","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T16:55:56Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/1828"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/969","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T16:55:56Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/969"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/3.9.0","reference_id":"","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/releases/tag/3.9.0"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040338","reference_id":"1040338","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040338"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040339","reference_id":"1040339","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040339"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218075","reference_id":"2218075","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2218075"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36464","reference_id":"CVE-2023-36464","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-36464"},{"reference_url":"https://github.com/advisories/GHSA-4vvm-4w3v-6mr8","reference_id":"GHSA-4vvm-4w3v-6mr8","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-4vvm-4w3v-6mr8"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8","reference_id":"GHSA-4vvm-4w3v-6mr8","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-03T16:55:56Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124582?format=json","purl":"pkg:deb/debian/pypdf@3.17.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.17.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124583?format=json","purl":"pkg:deb/debian/pypdf@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-2zaf-wm57-pbeh"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-k9v3-68pb-7ffe"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2023-36464","GHSA-4vvm-4w3v-6mr8"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dgdy-vgp3-yfck"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48102?format=json","vulnerability_id":"VCID-k9v3-68pb-7ffe","summary":"pypdf possibly loops infinitely when reading DCT inline images without EOF marker\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62707.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62707","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16202","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16304","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16261","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1618","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3501","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3501"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118755","reference_id":"1118755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405943","reference_id":"2405943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405943"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62707","reference_id":"CVE-2025-62707","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62707"},{"reference_url":"https://github.com/advisories/GHSA-vr63-x8vc-m265","reference_id":"GHSA-vr63-x8vc-m265","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vr63-x8vc-m265"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265","reference_id":"GHSA-vr63-x8vc-m265","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-62707","GHSA-vr63-x8vc-m265"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9v3-68pb-7ffe"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"}