An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references.
This has been fixed in pypdf==6.12.2.
If you cannot upgrade yet, consider applying the changes from PR #3805.
{
"github_reviewed_at": "2026-06-16T13:47:08Z",
"nvd_published_at": null,
"github_reviewed": true,
"cwe_ids": [
"CWE-400"
],
"severity": "MODERATE"
}