pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3.
Metrics
Affected Vendors & Products
References
History
Tue, 30 Jun 2026 22:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | pypdf is a free and open-source pure-python PDF library. Prior to 6.13.3, a maliciously crafted PDF can cause DoS. An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value. This issue has been fixed in version 6.13.3. | |
| Title | pypdf: Missing stream length values ignore defined limits | |
| Weaknesses | CWE-400 | |
| References |
| |
| Metrics |
cvssV4_0
|
Status: PUBLISHED
Assigner: GitHub_M
Published:
Updated: 2026-06-30T21:59:46.274Z
Reserved: 2026-06-24T02:00:46.801Z
Link: CVE-2026-57204
No data.
No data.
No data.
OpenCVE Enrichment
No data.