PyPI: pypdf
CVE-2026-22691
Safety vulnerability ID: SFTY-20260109-47444
Safety legacy ID: pyup.io-84345
Overview
pypdf has possible long runtimes for malformed startxref
Advisory
Affected versions of the pypdf package are vulnerable to Denial of Service (DoS) due to inefficient cross-reference table rebuilding when handling malformed startxref data in non-strict mode. In pypdf._reader.PdfReader._rebuild_xref_table(), the non-strict recovery path scans the entire PDF buffer with a re.finditer() pattern to rediscover obj markers, which can take excessively long on inputs dominated by whitespace.
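The mechanism above, as an added example that is not pypdf's code: a buffer-wide `re.finditer()` scan for "N G obj" markers whose whitespace-anchored prefix backtracks quadratically on long whitespace runs, beside a lookbehind form of the same pattern that finds exactly the same markers in linear time. The exact regex pypdf used, and what the referenced commit changed, are not quoted on this page; `SLOW_OBJ_RE` is this example's reconstruction of the shape the advisory describes, and the PDF bytes are constructed here.

```python
"""Quadratic vs. linear rediscovery of "N G obj" markers in a PDF buffer.

Added example, not pypdf's code. SLOW_OBJ_RE is an assumed reconstruction
of the recovery scan the advisory describes; the referenced commit is the
authoritative source for the real pattern and the real fix.
"""
import re
import time

# Assumed shape of the recovery scan: one whitespace byte, any run of spaces or
# tabs, then "<num> <gen> obj". Inside a run of n spaces every byte is a
# candidate start; `[ \t]*` greedily eats the rest of the run and then gives
# back one byte at a time while `\d+` keeps failing, so the scan is O(n^2).
SLOW_OBJ_RE = re.compile(rb"[\r\n \t][ \t]*(\d+)[ \t]+(\d+)[ \t]+obj")

# Hardened form: a fixed-width lookbehind demands that the digit run is directly
# preceded by one whitespace byte. Non-digit positions fail in O(1), and digits
# inside a run are never candidate starts (they are preceded by a digit), so the
# scan is linear. The match set is unchanged: in SLOW_OBJ_RE the byte right
# before the digits is always one of [\r\n \t] as well.
FAST_OBJ_RE = re.compile(rb"(?<=[\r\n \t])(\d+)[ \t]+(\d+)[ \t]+obj")


def rebuild_xref(buf: bytes, pattern: re.Pattern = FAST_OBJ_RE) -> dict:
    """Return {generation: {object_number: offset_of_number}} built by rescanning
    the whole buffer, the way a non-strict reader recovers from a bad startxref."""
    xref: dict = {}
    for m in pattern.finditer(buf):
        idnum, generation = int(m.group(1)), int(m.group(2))
        xref.setdefault(generation, {})[idnum] = m.start(1)
    return xref


def malformed_pdf(padding: int) -> bytes:
    """Constructed sample: a two-object PDF whose startxref points past EOF, so a
    non-strict reader would fall back to rescanning, with `padding` bytes of
    whitespace between the objects standing in for attacker-controlled filler."""
    return (
        b"%PDF-1.4\n"
        b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
        + b" " * padding
        + b"\n2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
        b"startxref\n999999999\n%%EOF\n"
    )


# Constructed edge cases: a marker at offset 0 (no preceding whitespace, so
# neither pattern may match it), CRLF and tab separators, a marker glued to a
# word ("foo4 0 obj", must not match) and multiple spaces between tokens.
SAMPLE = b"7 0 obj\r\n  12 0 obj\tx\n\t\t3\t1\tobj\nfoo4 0 obj\n 5  0  obj"


def time_scan(pattern: re.Pattern, buf: bytes) -> float:
    """Wall-clock seconds for one full rebuild with the given pattern."""
    t0 = time.perf_counter()
    rebuild_xref(buf, pattern)
    return time.perf_counter() - t0


if __name__ == "__main__":
    print("edge cases, slow:", rebuild_xref(SAMPLE, SLOW_OBJ_RE))
    print("edge cases, fast:", rebuild_xref(SAMPLE, FAST_OBJ_RE))
    # Doubling the whitespace roughly quadruples the slow scan and doubles the fast one.
    for padding in (2_000, 4_000, 8_000):
        buf = malformed_pdf(padding)
        slow, fast = time_scan(SLOW_OBJ_RE, buf), time_scan(FAST_OBJ_RE, buf)
        print(f"{len(buf):>6} bytes: slow {slow * 1e3:8.1f} ms   fast {fast * 1e3:8.3f} ms")
```

Run it directly to see the timings; the edge-case dictionary printed for both patterns is identical, which is the property to check before swapping one regex for another in a parser that is supposed to recover the same objects. Lookbehind is used instead of a possessive quantifier (`[ \t]*+`) so the pattern also works on Python versions before 3.11.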
How to Fix
The referenced fix (PR #3594, commit 294165726b646bb7799be1cc787f593f2fdbcf45) is included in the pypdf 6.6.0 release; upgrade to 6.6.0 or later.
Mitigation and Workarounds
The rescan runs only in non-strict mode, so until you can upgrade, open untrusted documents with PdfReader(..., strict=True): a malformed startxref then raises instead of triggering the buffer rescan, at the cost of rejecting damaged files that non-strict mode would have recovered. Independently of the pypdf version, parse untrusted PDFs in a separate process with a wall-clock or CPU-time limit and cap the accepted file size, since the cost of the scan grows with the amount of whitespace an attacker can place in the input.
Vulnerable Functions
Functions linked to known vulnerabilities.
- pypdf._reader.PdfReader._rebuild_xref_table
References
- https://getsafety.com/vulnerabilities/SFTY-20260109-47444/CVE-2026-22691
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-22691
- https://github.com/advisories/GHSA-4f6g-68pf-7vhv
- https://github.com/py-pdf/pypdf/security/advisories/GHSA-4f6g-68pf-7vhv
- https://github.com/py-pdf/pypdf/pull/3594
- https://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45
- https://github.com/py-pdf/pypdf/releases/tag/6.6.0
- https://nvd.nist.gov/vuln/detail/CVE-2026-22691
Verified by Safety
Our Cybersecurity Intelligence Team reviewed this vulnerability. We combine public data with our own research to find issues not yet reported to public sources.
