Security Advisory

CVE-2026-40260

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-04-16 23:18:26

Last updated 2026-04-17 18:42:05

Assigner GitHub_M

State PUBLISHED

Description

pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.

← Browse all CVEs View on cve.org ↗