These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
A memory consumption vulnerability exists in pypdf versions prior to 6.12.1. An attacker can craft a PDF with large XMP metadata containing excessive unnecessary elements, causing significant memory usage during parsing. This represents a denial-of-service condition through resource exhaustion. The vulnerability is classified as CWE-770 (Allocation of Resources Without Limits or Throttling). The issue was [truncated]
A denial-of-service vulnerability exists in pypdf prior to version 6.12.0. An attacker can craft a malicious PDF file that causes excessive processing time, leading to application slowdown or unavailability. The attack leverages cross-reference streams with /W [0 0 0] values combined with large /Size values in the PDF structure. This vulnerability has been assigned a CVSS 4.0 score of 5.1 (MEDIUM severity [truncated]
CVE-2026-48155 is a medium-severity uncontrolled resource consumption vulnerability (CWE-400) in pypdf, a pure-Python PDF library. The vulnerability exists in versions prior to 6.12.0 and can be triggered when extracting text in layout mode with large character offsets, leading to excessive memory usage. The issue was published on 2026-05-28 and remains under analysis by NVD. No known exploitation in the [truncated]