{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","type":"deb","namespace":"debian","name":"pypdf","version":"0","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.17.4-1","latest_non_vulnerable_version":"6.9.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48111?format=json","vulnerability_id":"VCID-2zaf-wm57-pbeh","summary":"pypdf can exhaust RAM via manipulated LZWDecode streams\nAn attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62708.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62708.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62708","reference_id":"","reference_type":"","scores":[{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23467","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.2358","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23563","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23517","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00079","scoring_system":"epss","scoring_elements":"0.23462","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62708"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/e51d07807ffcdaf18077b9486dadb3dc05b368da"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3502","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3502"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118756","reference_id":"1118756","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118756"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405945","reference_id":"2405945","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405945"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62708","reference_id":"CVE-2025-62708","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62708"},{"reference_url":"https://github.com/advisories/GHSA-jfx9-29x2-rv3j","reference_id":"GHSA-jfx9-29x2-rv3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-jfx9-29x2-rv3j"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j","reference_id":"GHSA-jfx9-29x2-rv3j","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:10:16Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-62708","GHSA-jfx9-29x2-rv3j"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zaf-wm57-pbeh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48438?format=json","vulnerability_id":"VCID-ca65-pmr4-sugf","summary":"Duplicate\nThis advisory duplicates another.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66019.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-66019.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66019","reference_id":"","reference_type":"","scores":[{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2292","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23029","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.23014","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.2297","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00076","scoring_system":"epss","scoring_elements":"0.22915","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-66019"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:12:41Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/96186725e5e6f237129a58a97cd19204a9ce40b2"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.4.0","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:12:41Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.4.0"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417171","reference_id":"2417171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2417171"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66019","reference_id":"CVE-2025-66019","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-66019"},{"reference_url":"https://aydinnyunus.github.io/2025/12/20/cve-2025-66019-pypdf-lzw-dos","reference_id":"CVE-2025-66019-PYPDF-LZW-DOS","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://aydinnyunus.github.io/2025/12/20/cve-2025-66019-pypdf-lzw-dos"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j","reference_id":"GHSA-jfx9-29x2-rv3j","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-jfx9-29x2-rv3j"},{"reference_url":"https://github.com/advisories/GHSA-m449-cwjh-6pw7","reference_id":"GHSA-m449-cwjh-6pw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-m449-cwjh-6pw7"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7","reference_id":"GHSA-m449-cwjh-6pw7","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-26T16:12:41Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-m449-cwjh-6pw7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124583?format=json","purl":"pkg:deb/debian/pypdf@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-2zaf-wm57-pbeh"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-k9v3-68pb-7ffe"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-66019","GHSA-m449-cwjh-6pw7"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca65-pmr4-sugf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46317?format=json","vulnerability_id":"VCID-cjzq-42gr-37ds","summary":"Loop with Unreachable Exit Condition ('Infinite Loop')\npypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46250","reference_id":"","reference_type":"","scores":[{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25321","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25272","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25263","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.2537","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00089","scoring_system":"epss","scoring_elements":"0.25386","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-46250"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:52:16Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/2264","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:52:16Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/2264"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46250","reference_id":"CVE-2023-46250","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-46250"},{"reference_url":"https://github.com/advisories/GHSA-wjcc-cq79-p63f","reference_id":"GHSA-wjcc-cq79-p63f","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-wjcc-cq79-p63f"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f","reference_id":"GHSA-wjcc-cq79-p63f","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T18:52:16Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124583?format=json","purl":"pkg:deb/debian/pypdf@5.4.0-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-2zaf-wm57-pbeh"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-k9v3-68pb-7ffe"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@5.4.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2023-46250","GHSA-wjcc-cq79-p63f"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjzq-42gr-37ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48102?format=json","vulnerability_id":"VCID-k9v3-68pb-7ffe","summary":"pypdf possibly loops infinitely when reading DCT inline images without EOF marker\nAn attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62707.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-62707.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62707","reference_id":"","reference_type":"","scores":[{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16202","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16314","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16304","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.16261","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00051","scoring_system":"epss","scoring_elements":"0.1618","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-62707"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/commit/f2864d6dd9bac7cecd3f4f54308b25ebbfa178f8"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3501","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/pull/3501"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.1.3"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118755","reference_id":"1118755","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1118755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405943","reference_id":"2405943","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2405943"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62707","reference_id":"CVE-2025-62707","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-62707"},{"reference_url":"https://github.com/advisories/GHSA-vr63-x8vc-m265","reference_id":"GHSA-vr63-x8vc-m265","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vr63-x8vc-m265"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265","reference_id":"GHSA-vr63-x8vc-m265","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"6.6","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-10-23T15:41:24Z/"}],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-vr63-x8vc-m265"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23131","reference_id":"RHSA-2025:23131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23131"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/124585?format=json","purl":"pkg:deb/debian/pypdf@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124580?format=json","purl":"pkg:deb/debian/pypdf@3.4.1-1%2Bdeb12u1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1msk-7rj1-juhr"},{"vulnerability":"VCID-3etm-mqd2-p7bs"},{"vulnerability":"VCID-3fez-gvgc-qudh"},{"vulnerability":"VCID-cwwe-jgyp-akh2"},{"vulnerability":"VCID-dfdn-a7u1-qbcd"},{"vulnerability":"VCID-e629-n81d-3uhz"},{"vulnerability":"VCID-f655-nwpc-xqec"},{"vulnerability":"VCID-kxq6-ma4b-5uex"},{"vulnerability":"VCID-magf-2udv-4ke9"},{"vulnerability":"VCID-nrcb-psnz-37fz"},{"vulnerability":"VCID-u64g-bx3a-gydh"},{"vulnerability":"VCID-u88n-1ykm-w7cs"},{"vulnerability":"VCID-w28s-3v5z-tkcq"},{"vulnerability":"VCID-wqjw-x4vu-f3bu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@3.4.1-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124586?format=json","purl":"pkg:deb/debian/pypdf@6.9.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/124581?format=json","purl":"pkg:deb/debian/pypdf@6.9.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@6.9.2-1%3Fdistro=trixie"}],"aliases":["CVE-2025-62707","GHSA-vr63-x8vc-m265"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k9v3-68pb-7ffe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/pypdf@0%3Fdistro=trixie"}