An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting text in layout mode with large character offsets.
This has been fixed in pypdf==6.12.0.
If developers are unable to immediately upgrade, they should consider applying the changes from PR #3790.
{
"github_reviewed_at": "2026-06-12T18:29:15Z",
"nvd_published_at": "2026-05-28T16:16:28Z",
"github_reviewed": true,
"cwe_ids": [
"CWE-400"
],
"severity": "MODERATE"
}