
pypdf: Unbounded memory usage when parsing PDF without /Length

19 Jun 2026 · Read 1 min · Severity: schedule it

What changed

A vulnerability in pypdf allows an attacker to craft a PDF that leads to large memory usage because MAX_DECLARED_STREAM_LENGTH is sometimes ignored when parsing a content stream without a /Length value.

Who it affects

Users of pypdf versions prior to 6.13.3 who parse untrusted PDF files.

What to do today

Upgrade to pypdf==6.13.3 or apply the changes from PR #3871.
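
An added example, not code from this advisory or from the pypdf project: a small audit that flags exact pypdf pins below 6.13.3 in a requirements file and classifies the installed release. The sample requirements are constructed, and ignoring pre-release suffixes when comparing versions is an assumption of this example.

```python
import re
from importlib import metadata

FIXED = (6, 13, 3)  # first fixed release named in the advisory

# Constructed sample requirements file, for illustration only.
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
pypdf==6.13.2
PyPDF==6.13.3
pypdf[crypto]==6.9.0   # extras do not change the package version
pypdf>=6.0             # a range: the resolved version is not in this file
pypdfium2==4.30.0      # different package, must not match
"""

# Case-insensitive name match; the lookahead rejects longer names such as PyPDF2.
_REQ = re.compile(r"^\s*pypdf(?![\w.-])(?:\[[^\]]*\])?\s*(?:(==|>=|<=|~=|!=|<|>)\s*([\w.]+))?", re.I)

def parse_version(text):
    """'6.13.2' -> (6, 13, 2). Assumption: rc/post/dev suffixes are ignored."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts + [0] * (3 - len(parts)))

def audit_requirements(text):
    """Return (line_number, status) for every pypdf requirement line."""
    findings = []
    for number, line in enumerate(text.splitlines(), 1):
        match = _REQ.match(line.split("#", 1)[0])
        if not match:
            continue
        operator, version = match.groups()
        if operator == "==":
            status = "fixed" if parse_version(version) >= FIXED else "vulnerable"
        else:
            status = "unpinned"  # check the lock file or the installed version
        findings.append((number, status))
    return findings

def installed_status():
    """Classify the pypdf release installed in the current environment."""
    try:
        version = metadata.version("pypdf")
    except metadata.PackageNotFoundError:
        return "not installed"
    return "fixed" if parse_version(version) >= FIXED else "vulnerable"
```

Call audit_requirements() on the text of each requirements or lock file and installed_status() inside each environment that parses untrusted PDFs; an "unpinned" result means the file alone cannot tell you which release is in use.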
