CVE-2026-48735
Memory Exhaustion in PyPDF via XMP Metadata
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| py-pdf | pypdf | to 6.12.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
Attack-Flow Graph
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
CVE-2026-48735 is a vulnerability in the pypdf library that allows an attacker to craft PDF files with manipulated XMP metadata streams. When pypdf parses these crafted PDFs, it processes large or unnecessary XMP metadata elements, which leads to excessive memory consumption and potential RAM exhaustion.
This issue affects versions of pypdf prior to 6.12.1 and is classified under CWE-770, which involves allocation of resources without proper limits.
The vulnerability has been fixed in version 6.12.1 by introducing limits on the input size and element count for XMP metadata, preventing excessive memory usage.
How can this vulnerability impact me? :
This vulnerability can lead to excessive memory usage when parsing maliciously crafted PDF files containing large or unnecessary XMP metadata. This can cause the application using pypdf to consume large amounts of RAM, potentially leading to denial-of-service (DoS) conditions due to resource exhaustion.
Such memory exhaustion can degrade system performance, cause crashes, or make the system unresponsive, impacting availability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability involves the pypdf library parsing crafted PDF files with large or manipulated XMP metadata streams that cause excessive memory usage. Detection would involve identifying PDF files with unusually large or complex XMP metadata being processed by pypdf versions prior to 6.12.1.
Since the issue is triggered during PDF parsing, monitoring memory usage spikes when processing PDFs with pypdf could indicate exploitation attempts.
There are no specific commands provided in the resources to detect this vulnerability directly.
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade the pypdf library to version 6.12.1 or later, where the vulnerability is fixed by limiting the input size and element count for XMP metadata.
If upgrading immediately is not possible, applying the changes from pull request #3796 can serve as a temporary workaround to limit resource consumption during XMP metadata parsing.