216.73.216.133

CVE-2026-27024

· Published 20/02/2026 22:16 · Modified 20/02/2026 22:16

Labels: CVE-2026-27024 2026-02-20CVE-2026-27024CWE-835[email protected]

Essential information

Published
20/02/2026 22:16
Modified
20/02/2026 22:16
Author
Creator
CVSS
6.9 MEDIUM (v3) 6.9 MEDIUM (v4.0)
CISA KEV
No
CWE
CVSS vector

CVSS metrics

Description

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
python / pypdf cpe:2.3:a:python:pypdf:<6.7.1:*:*:*:*:*:*:*
python / pypdf cpe:2.3:a:python:pypdf:6.7.1:*:*:*:*:*:*:*

References