Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-27025

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-20 Feb, 2026 | 21:11
Updated At-24 Feb, 2026 | 18:40
Rejected At-
Credits

pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:20 Feb, 2026 | 21:11
Updated At:24 Feb, 2026 | 18:40
Rejected At:
â–¼CVE Numbering Authority (CNA)
pypdf has possible long runtimes/large memory usage for large /ToUnicode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.

Affected Products
Vendor
py-pdf
Product
pypdf
Versions
Affected
  • < 6.7.1
Problem Types
TypeCWE IDDescription
CWECWE-834CWE-834: Excessive Iteration
Type: CWE
CWE ID: CWE-834
Description: CWE-834: Excessive Iteration
Metrics
VersionBase scoreBase severityVector
4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
x_refsource_CONFIRM
https://github.com/py-pdf/pypdf/pull/3646
x_refsource_MISC
https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
x_refsource_MISC
https://github.com/py-pdf/pypdf/releases/tag/6.7.1
x_refsource_MISC
Hyperlink: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/py-pdf/pypdf/pull/3646
Resource:
x_refsource_MISC
Hyperlink: https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
Resource:
x_refsource_MISC
Hyperlink: https://github.com/py-pdf/pypdf/releases/tag/6.7.1
Resource:
x_refsource_MISC
â–¼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:20 Feb, 2026 | 22:16
Updated At:24 Feb, 2026 | 15:16

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes and large memory consumption. This requires parsing the /ToUnicode entry of a font with unusually large values, for example during text extraction. This vulnerability is fixed in 6.7.1.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.06.9MEDIUM
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 4.0
Base score: 6.9
Base severity: MEDIUM
Vector:
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CPE Matches
pypdf_project
pypdf_project
>>pypdf>>Versions before 6.7.1(exclusive)
cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-834Primarysecurity-advisories@github.com
CWE ID: CWE-834
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2security-advisories@github.com
Patch
https://github.com/py-pdf/pypdf/pull/3646security-advisories@github.com
Issue Tracking
Patch
https://github.com/py-pdf/pypdf/releases/tag/6.7.1security-advisories@github.com
Product
Release Notes
https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3security-advisories@github.com
Patch
Vendor Advisory
Hyperlink: https://github.com/py-pdf/pypdf/commit/77d7b8d7cfbe8dd179858dfa42666f73fc6e57a2
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/py-pdf/pypdf/pull/3646
Source: security-advisories@github.com
Resource:
Issue Tracking
Patch
Hyperlink: https://github.com/py-pdf/pypdf/releases/tag/6.7.1
Source: security-advisories@github.com
Resource:
Product
Release Notes
Hyperlink: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3
Source: security-advisories@github.com
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

7Records found
CVE-2026-27026
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 1.69%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 21:12
Updated-24 Feb, 2026 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pypdf possibly has long runtimes for malformed FlateDecode streams

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. This vulnerability is fixed in 6.7.1.

Action-Not Available
Vendor-pypdf_projectpy-pdf
Product-pypdfpypdf
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2026-27024
Matching Score-8
Assigner-GitHub, Inc.
ShareView Details
Matching Score-8
Assigner-GitHub, Inc.
CVSS Score-6.9||MEDIUM
EPSS-0.01% / 1.69%
||
7 Day CHG~0.00%
Published-20 Feb, 2026 | 21:10
Updated-24 Feb, 2026 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pypdf has a possible infinite loop when processing TreeObject

pypdf is a free and open-source pure-python PDF library. Prior to 6.7.1, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires accessing the children of a TreeObject, for example as part of outlines. This vulnerability is fixed in 6.7.1.

Action-Not Available
Vendor-pypdf_projectpy-pdf
Product-pypdfpypdf
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2025-62707
Matching Score-6
Assigner-GitHub, Inc.
ShareView Details
Matching Score-6
Assigner-GitHub, Inc.
CVSS Score-6.6||MEDIUM
EPSS-0.10% / 28.45%
||
7 Day CHG+0.02%
Published-22 Oct, 2025 | 21:36
Updated-27 Oct, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
pypdf affected by possible infinite loop when reading DCT inline images without EOF marker

pypdf is a free and open-source pure-python PDF library. Prior to version 6.1.3, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page which has an inline image using the DCTDecode filter. This has been fixed in pypdf version 6.1.3.

Action-Not Available
Vendor-pypdf_projectpy-pdf
Product-pypdfpypdf
CWE ID-CWE-834
Excessive Iteration
CVE-2021-28950
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.19%
||
7 Day CHG~0.00%
Published-20 Mar, 2021 | 19:55
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in fs/fuse/fuse_i.h in the Linux kernel before 5.11.8. A "stall on CPU" can occur because a retry loop continually finds the same bad inode, aka CID-775c5033a0d1.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncFedora ProjectDebian GNU/Linux
Product-debian_linuxlinux_kernelfedoran/a
CWE ID-CWE-834
Excessive Iteration
CVE-2019-9376
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-4
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 2.85%
||
7 Day CHG~0.00%
Published-27 Sep, 2019 | 18:05
Updated-04 Aug, 2024 | 21:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265.

Action-Not Available
Vendor-n/aGoogle LLC
Product-androidAndroid
CWE ID-CWE-834
Excessive Iteration
CVE-2020-8992
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.05% / 16.72%
||
7 Day CHG~0.00%
Published-14 Feb, 2020 | 04:27
Updated-04 Aug, 2024 | 10:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ext4_protect_reserved_inode in fs/ext4/block_validity.c in the Linux kernel through 5.5.3 allows attackers to cause a denial of service (soft lockup) via a crafted journal size.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncNetApp, Inc.openSUSECanonical Ltd.
Product-ubuntu_linuxlinux_kernelcloud_backuphci_management_nodesteelstore_cloud_integrated_storageactive_iq_unified_managerh410c_firmwareh410cdata_availability_servicessolidfireleapn/a
CWE ID-CWE-400
Uncontrolled Resource Consumption
CWE ID-CWE-834
Excessive Iteration
CVE-2024-42237
Matching Score-4
Assigner-kernel.org
ShareView Details
Matching Score-4
Assigner-kernel.org
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 0.80%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 15:14
Updated-03 Nov, 2025 | 22:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
firmware: cs_dsp: Validate payload length before processing block

In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a block payload does not exceed the number of remaining bytes in the firwmware file buffer was being done near the end of the loop iteration. However, some code before that check used the length field without validating it.

Action-Not Available
Vendor-Linux Kernel Organization, Inc
Product-linux_kernelLinux
CWE ID-CWE-834
Excessive Iteration
Details not found