CVE-2026-28804

Опубликовано: 06 мар. 2026

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.

Ссылки

https://github.com/py-pdf/pypdf/commit/648c627d2657447dfb1773412af05a0a5103b98f
Patch
https://github.com/py-pdf/pypdf/pull/3666
Issue Tracking
Patch
https://github.com/py-pdf/pypdf/releases/tag/6.7.5
Product
Release Notes
https://github.com/py-pdf/pypdf/security/advisories/GHSA-9m86-7pmv-2852
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*

Версия до 6.7.5 (исключая)

EPSS

Процентиль: 14%

0.00045

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-407

Связанные уязвимости

CVE-2026-28804

CVSS3: 5.3

ubuntu

21 день назад

CVE-2026-28804

CVSS3: 6.5

redhat

21 день назад

CVE-2026-28804

CVSS3: 5.3

debian

21 день назад

pypdf is a free and open-source pure-python PDF library. Prior to vers ...

openSUSE-SU-2026:20348-1

suse-cvrf

16 дней назад

Security update for python-PyPDF2

GHSA-9m86-7pmv-2852

github

25 дней назад

pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams

EPSS

Процентиль: 14%

0.00045

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-407