CVE-2026-48155
Memory Exhaustion in PyPDF Text Extraction
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| py-pdf | pypdf | 6.12.0 |
| py-pdf | pypdf | to 6.12.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-400 | The product does not properly control the allocation and maintenance of a limited resource. |
Attack-Flow Graph
AI Powered Q&A
How can this vulnerability impact me? :
This vulnerability can lead to large memory consumption on systems that process maliciously crafted PDFs using pypdf's text extraction in layout mode.
Excessive memory usage can degrade system performance, cause application crashes, or potentially lead to denial of service conditions.
Can you explain this vulnerability to me?
The CVE-2026-48155 vulnerability affects the pypdf library versions prior to 6.12.0. An attacker can exploit this vulnerability by crafting a specially designed PDF that causes excessive memory usage when extracting text in layout mode with large character offsets.
This issue is due to uncontrolled resource consumption, categorized under CWE-400, where improper handling of large character offsets during text extraction leads to large memory usage.
The vulnerability was fixed in pypdf version 6.12.0, which includes a patch to prevent this excessive memory usage.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves excessive memory usage when extracting text in layout mode with large character offsets using the pypdf library prior to version 6.12.0.
Detection would involve identifying usage of vulnerable pypdf versions and monitoring for unusually high memory consumption during PDF text extraction in layout mode.
Since the vulnerability is specific to the pypdf library's text extraction process, there are no direct network commands to detect exploitation.
To check the installed pypdf version, you can run the following command in your Python environment:
- python -c "import pypdf; print(pypdf.__version__)"
Monitoring system memory usage during PDF processing tasks may help detect abnormal behavior.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation is to upgrade the pypdf library to version 6.12.0 or later, where this vulnerability is fixed.
If an immediate upgrade is not possible, applying the changes from pull request #3790 can serve as a temporary workaround.
Additionally, avoid processing untrusted PDFs with text extraction in layout mode until the fix is applied.