CVE-2026-27025

5.5 MEDIUM

📋 TL;DR

This vulnerability in pypdf allows attackers to craft malicious PDF files that cause excessive memory consumption and long processing times when parsing font /ToUnicode entries during text extraction. It affects all systems using pypdf versions before 6.7.1 for PDF processing. Users who process untrusted PDF files are particularly vulnerable.

💻 Affected Systems

Products:
  • pypdf
Versions: All versions before 6.7.1
Operating Systems: All platforms running Python
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using pypdf to parse PDF files is vulnerable, particularly those performing text extraction operations.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Denial of service through resource exhaustion, potentially crashing applications or consuming all available memory on the system.

🟠 Likely Case: Degraded performance and increased resource usage when processing malicious PDFs, leading to application slowdowns or timeouts.

🟢 If Mitigated: Minimal impact with proper input validation and resource limits in place, though processing may still be slower.

🌐 Internet-Facing: MEDIUM - Web applications processing user-uploaded PDFs are vulnerable, but exploitation requires the application to actually parse the uploaded PDF (for example, during text extraction).
🏢 Internal Only: LOW - Internal systems typically process trusted PDFs, reducing attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW - Requires only crafting a malicious PDF file.

Exploitation is straightforward: create a PDF with specially crafted /ToUnicode font entries and trigger parsing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.7.1

Vendor Advisory: https://github.com/py-pdf/pypdf/security/advisories/GHSA-wgvp-vg3v-2xq3

Restart Required: No

Instructions:

1. Update pypdf using pip: 'pip install --upgrade pypdf==6.7.1'
2. Verify the update with: 'pip show pypdf'
3. Test PDF processing functionality.

🔧 Temporary Workarounds

Input validation and sanitization (platform: all)

Implement strict validation of PDF files before processing, rejecting files with suspicious font entries.

Resource limiting (platform: linux)

Set memory and time limits for PDF parsing operations to prevent resource exhaustion. For example, cap the address space of the process (or worker) that parses PDFs:

import resource
max_memory = 512 * 1024 * 1024  # cap address space at 512 MiB; tune to your workload
resource.setrlimit(resource.RLIMIT_AS, (max_memory, max_memory))
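A resource-limited wrapper for pypdf text extraction, added here as an example (it is not pypdf's or the advisory's own code): the parser runs in a forked child under an RLIMIT_AS cap plus a wall-clock deadline, so a PDF with a hostile /ToUnicode entry is rejected instead of exhausting the host. `run_limited`, `extract_text_limited` and the two `*_stub` functions are assumed names, the 1 GiB cap and 30 s deadline are example values, and it is POSIX-only, matching the workaround's platform tag.

```python
import multiprocessing
import resource
import time

def limited_worker(func, args, max_bytes, conn):
    # Forked child: cap address space (never above an existing hard limit), then run.
    try:
        _, hard = resource.getrlimit(resource.RLIMIT_AS)
        if hard != resource.RLIM_INFINITY:
            max_bytes = min(max_bytes, hard)
        resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))
        conn.send(("ok", func(*args)))
    except MemoryError:
        conn.send(("rejected", "memory limit exceeded"))
    except Exception as exc:  # a parser failure must not take the service down
        conn.send(("rejected", repr(exc)))
    finally:
        conn.close()

def run_limited(func, args=(), max_bytes=1024 ** 3, timeout_s=30.0):
    # Run func(*args) under a cap and a deadline; returns ("ok", result) or ("rejected", reason).
    ctx = multiprocessing.get_context("fork")
    parent_end, child_end = ctx.Pipe(duplex=False)
    proc = ctx.Process(target=limited_worker, args=(func, args, max_bytes, child_end))
    proc.start()
    child_end.close()  # parent drops its copy so EOF is seen if the child dies silently
    if parent_end.poll(timeout_s):
        try:
            status, payload = parent_end.recv()
        except EOFError:
            status, payload = "rejected", "worker died"
    else:
        status, payload = "rejected", "time limit exceeded"
    proc.kill()  # no-op if it already exited; otherwise stops the stuck parser
    proc.join()
    return status, payload

def extract_text_limited(pdf_path, **limits):
    def extract(path):  # pypdf is imported inside the child, so the limits apply to it
        from pypdf import PdfReader
        return "\n".join(p.extract_text() or "" for p in PdfReader(path).pages)
    return run_limited(extract, (pdf_path,), **limits)

# Constructed stand-ins for a hostile /ToUnicode CMap: one hogs memory, one hangs.
def memory_hog_stub(_path):
    return len(bytearray(8 * 1024 ** 3))  # 8 GiB request, far above the cap

def slow_parser_stub(_path):
    time.sleep(60)
    return "never reached"
```

Call `extract_text_limited("upload.pdf", timeout_s=10.0)` from the request handler and treat any "rejected" result as a failed upload; the cap applies to the child only, so the serving process is unaffected.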

🧯 If You Can't Patch

  • Implement strict file upload controls and only accept PDFs from trusted sources.
  • Isolate PDF processing in containerized environments with strict resource limits.

🔍 How to Verify

Check if Vulnerable:

Check the pypdf version: 'pip show pypdf | grep Version' - if the version is less than 6.7.1, the system is vulnerable.

Check Version:

pip show pypdf | grep Version

Verify Fix Applied:

After updating, verify version is 6.7.1 or higher and test processing known malicious PDF samples.

📡 Detection & Monitoring

Log Indicators:

  • Unusually high memory usage during PDF processing
  • Long-running PDF parsing operations
  • Application crashes or timeouts when handling PDFs

Network Indicators:

  • Large PDF file uploads followed by increased server resource consumption

SIEM Query:

source="application.log" AND ("memory exhaustion" OR "PDF processing timeout" OR "pypdf")
