An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer.
This has been fixed in pypdf==6.13.0.
If you cannot upgrade yet, consider applying the changes from PR #3830.
{
"github_reviewed_at": "2026-06-16T14:05:57Z",
"nvd_published_at": null,
"github_reviewed": true,
"cwe_ids": [
"CWE-835"
],
"severity": "MODERATE"
}