Resource exhaustion in PyPDF - #VU135040
Published: June 23, 2026
PyPDF
Detailed vulnerability description
The vulnerability allows a remote attacker to cause excessive memory consumption.
The vulnerability exists due to uncontrolled resource consumption in content stream parsing when processing a PDF content stream without a /Length value. A remote attacker can supply a specially crafted PDF to cause excessive memory consumption.
The issue occurs because MAX_DECLARED_STREAM_LENGTH is sometimes ignored.