CVE-2026-33123

Publication date 24 March 2026

Last updated 24 March 2026

Ubuntu priority

Description

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
pypdf	25.10 questing	Needs evaluation
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2026-33123
https://github.com/py-pdf/pypdf/pull/3686
https://github.com/py-pdf/pypdf/releases/tag/6.9.1
https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp

CVE-2026-33123

Description

Status

References

Other references

Access our resources on patching vulnerabilities