CVE-2026-33123
Denial of Service via Malicious PDF in pypdf
Publication date: 2026-03-20
Last updated on: 2026-03-23
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pypdf_project | pypdf | up to 6.9.1 (exclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-407 | An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached. |
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-33123 is a vulnerability in the pypdf Python library versions prior to 6.9.1 that allows an attacker to craft a malicious PDF file containing an array-based stream with many entries. When such a PDF is processed, it causes inefficient decoding leading to long runtimes and/or large memory usage.
This issue arises due to inefficient algorithmic complexity in handling these large array-based content streams, which can degrade system performance significantly.
The vulnerability is classified under uncontrolled resource consumption and inefficient algorithmic complexity, and it was fixed in version 6.9.1 by improving performance and imposing limits on the length of array-based content streams.
How can this vulnerability impact me?
Exploitation of this vulnerability can lead to excessive resource consumption such as long runtimes and high memory usage when processing specially crafted malicious PDF files.
This can degrade system performance, potentially causing denial of service or making the system unresponsive due to resource exhaustion.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves processing malicious PDF files with large array-based streams that cause excessive runtimes and memory usage in the pypdf library versions prior to 6.9.1.
Detection can focus on identifying PDF files with unusually large or complex array-based content streams that might trigger the inefficient decoding.
Since the vulnerability is triggered by opening or processing such PDFs, monitoring for high CPU or memory usage during PDF processing with pypdf could indicate exploitation attempts.
No specific commands are provided in the available resources to detect this vulnerability directly on a system or network.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the pypdf library to version 6.9.1 or later, where the vulnerability has been fixed.
If immediate upgrade is not possible, applying the changes from pull request #3686 is recommended as a workaround to limit the length of array-based content streams and improve performance.
Additionally, avoid processing untrusted or suspicious PDF files that may contain maliciously crafted large array-based streams.
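As an added defensive example covering both the detection and mitigation answers above (this code is not from the CVE record or the pypdf project): a pre-screen that counts the stream references in each array-valued /Contents entry of a PDF's raw bytes and refuses files above a local limit, plus a check that an installed pypdf version is at or past the fixed release. The 100-entry threshold and the regex-based scan are assumptions; the scan only sees uncompressed page dictionaries, so a file whose pages sit in compressed object streams or that is encrypted reports zero arrays and should be treated as unscreened rather than safe.

```python
import re
from typing import Dict, List

# Local policy: refuse /Contents arrays with more entries than this. The fixed
# pypdf release imposes its own limit, but the advisory does not state the
# value, so this threshold is an assumption chosen for this example.
MAX_CONTENT_ARRAY_ENTRIES = 100
FIXED_VERSION = (6, 9, 1)  # first pypdf release with the fix, per the advisory

# Array-valued /Contents entries in uncompressed page dictionaries, and the
# "N G R" indirect object references listed inside them.
CONTENTS_ARRAY = re.compile(rb"/Contents\s*\[(.*?)\]", re.DOTALL)
OBJ_REF = re.compile(rb"\b(\d+)\s+(\d+)\s+R\b")


def pypdf_is_fixed(version: str) -> bool:
    """True when a pypdf version string (e.g. from importlib.metadata) is >= 6.9.1."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if m is None:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) for x in m.groups()) >= FIXED_VERSION


def content_array_sizes(pdf_bytes: bytes) -> List[int]:
    """Number of stream references in every array-based /Contents entry found."""
    return [len(OBJ_REF.findall(m.group(1))) for m in CONTENTS_ARRAY.finditer(pdf_bytes)]


def screen_pdf(pdf_bytes: bytes, limit: int = MAX_CONTENT_ARRAY_ENTRIES) -> Dict[str, object]:
    """Decide whether a file may be handed to pypdf; no content stream is decoded here."""
    sizes = content_array_sizes(pdf_bytes)
    return {
        "array_contents_found": len(sizes),  # 0 means unscreened, not safe
        "largest_array": max(sizes, default=0),
        "accept": all(n <= limit for n in sizes),
    }


def build_sample(n_entries: int) -> bytes:
    """Constructed test input: one page whose /Contents array references n streams."""
    refs = b" ".join(b"%d 0 R" % (10 + i) for i in range(n_entries))
    return (b"%PDF-1.4\n1 0 obj\n<< /Type /Page /Parent 2 0 R /Contents [ "
            + refs + b" ] >>\nendobj\n")


if __name__ == "__main__":
    from importlib.metadata import PackageNotFoundError, version
    try:
        print("installed pypdf is fixed:", pypdf_is_fixed(version("pypdf")))
    except PackageNotFoundError:
        print("pypdf is not installed in this environment")
    for n in (3, 500):
        print(n, "entries ->", screen_pdf(build_sample(n)))
```

Run the screen on untrusted uploads before any pypdf call that decodes page content (text extraction, merging, rendering), and log files it rejects so that spikes in oversized arrays can be correlated with the CPU and memory monitoring described above.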