{"url":"http://public2.vulnerablecode.io/api/packages/73283?format=json","purl":"pkg:pypi/pypdf@6.6.0","type":"pypi","namespace":"","name":"pypdf","version":"6.6.0","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"6.6.2","latest_non_vulnerable_version":"6.8.0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49653?format=json","vulnerability_id":"VCID-f655-nwpc-xqec","summary":"pypdf has possible long runtimes for missing /Root object with large /Size values\nAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the `/Root` entry in the trailer, while using a rather large `/Size` value. Only the non-strict reading mode is affected.","references":[{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/pull/3594"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22690","reference_id":"CVE-2026-22690","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22690"},{"reference_url":"https://github.com/advisories/GHSA-4xc4-762w-m6cg","reference_id":"GHSA-4xc4-762w-m6cg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4xc4-762w-m6cg"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg","reference_id":"GHSA-4xc4-762w-m6cg","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73283?format=json","purl":"pkg:pypi/pypdf@6.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.0"}],"aliases":["CVE-2026-22690","GHSA-4xc4-762w-m6cg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f655-nwpc-xqec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49642?format=json","vulnerability_id":"VCID-nrcb-psnz-37fz","summary":"pypdf has possible long runtimes for malformed startxref\nAn attacker who exploits this vulnerability can craft a PDF which leads to possibly long runtimes for invalid `startxref` entries. When rebuilding the cross-reference table, PDF files with lots of whitespace characters become problematic. Only the non-strict reading mode is affected.","references":[{"reference_url":"https://github.com/py-pdf/pypdf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf"},{"reference_url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45"},{"reference_url":"https://github.com/py-pdf/pypdf/pull/3594","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/pull/3594"},{"reference_url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/releases/tag/6.6.0"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22691","reference_id":"CVE-2026-22691","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-22691"},{"reference_url":"https://github.com/advisories/GHSA-4f6g-68pf-7vhv","reference_id":"GHSA-4f6g-68pf-7vhv","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-4f6g-68pf-7vhv"},{"reference_url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv","reference_id":"GHSA-4f6g-68pf-7vhv","reference_type":"","scores":[],"url":"https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/73283?format=json","purl":"pkg:pypi/pypdf@6.6.0","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.0"}],"aliases":["CVE-2026-22691","GHSA-4f6g-68pf-7vhv"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nrcb-psnz-37fz"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:pypi/pypdf@6.6.0"}