CVE-2026-48735
Analyzed Analyzed - Analysis Complete
Memory Exhaustion in PyPDF via XMP Metadata

Publication date: 2026-05-28

Last updated on: 2026-05-29

Assigner: GitHub, Inc.

Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.12.1, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements. This vulnerability is fixed in 6.12.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-28
Last Modified
2026-05-29
Generated
2026-06-17
AI Q&A
2026-05-28
EPSS Evaluated
2026-06-16
NVD
CVE-2026-48735
EUVD
EUVD-2026-32912
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pypdf_project pypdf to 6.12.1 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-48735 is a vulnerability in the pypdf library that allows an attacker to craft PDF files with manipulated XMP metadata streams. When pypdf parses these crafted PDFs, it processes large or unnecessary XMP metadata elements, which leads to excessive memory consumption and potential RAM exhaustion.

This issue affects versions of pypdf prior to 6.12.1 and is classified under CWE-770, which involves allocation of resources without proper limits.

The vulnerability has been fixed in version 6.12.1 by introducing limits on the input size and element count for XMP metadata, preventing excessive memory usage.

Impact Analysis

This vulnerability can lead to excessive memory usage when parsing maliciously crafted PDF files containing large or unnecessary XMP metadata. This can cause the application using pypdf to consume large amounts of RAM, potentially leading to denial-of-service (DoS) conditions due to resource exhaustion.

Such memory exhaustion can degrade system performance, cause crashes, or make the system unresponsive, impacting availability.

Detection Guidance

This vulnerability involves the pypdf library parsing crafted PDF files with large or manipulated XMP metadata streams that cause excessive memory usage. Detection would involve identifying PDF files with unusually large or complex XMP metadata being processed by pypdf versions prior to 6.12.1.

Since the issue is triggered during PDF parsing, monitoring memory usage spikes when processing PDFs with pypdf could indicate exploitation attempts.

There are no specific commands provided in the resources to detect this vulnerability directly.

Mitigation Strategies

The primary mitigation step is to upgrade the pypdf library to version 6.12.1 or later, where the vulnerability is fixed by limiting the input size and element count for XMP metadata.

If upgrading immediately is not possible, applying the changes from pull request #3796 can serve as a temporary workaround to limit resource consumption during XMP metadata parsing.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-48735. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart