{ "threat_severity" : "Moderate", "public_date" : "2026-01-10T04:41:20Z", "bugzilla" : { "description" : "pypdf: pypdf: Denial of Service via crafted PDF with missing /Root object", "id" : "2428428", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2428428" }, "cvss3" : { "cvss3_base_score" : "6.5", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status" : "draft" }, "cwe" : "CWE-400", "details" : [ "pypdf is a free and open-source pure-python PDF library. Prior to version 6.6.0, pypdf has possible long runtimes for missing /Root object with large /Size values. An attacker who uses this vulnerability can craft a PDF which leads to possibly long runtimes for actually invalid files. This can be achieved by omitting the /Root entry in the trailer, while using a rather large /Size value. Only the non-strict reading mode is affected. This issue has been patched in version 6.6.0.", "A flaw was found in pypdf. A remote attacker can exploit this vulnerability by crafting a malicious PDF file that omits the /Root entry in the trailer and uses a large /Size value. This can lead to excessively long processing times when the PDF is read in non-strict mode, resulting in a Denial of Service (DoS) for the affected system." ], "statement" : "This vulnerability is rated Moderate. The `pypdf` library, when processing a specially crafted PDF file that omits the `/Root` entry and uses a large `/Size` value in non-strict mode, can lead to excessively long processing times, resulting in a Denial of Service. This affects various components within Red Hat Ansible Automation Platform, OpenShift Lightspeed, Red Hat Enterprise Linux AI, Red Hat OpenShift AI, and Ansible Services.", "package_state" : [ { "product_name" : "OpenShift Lightspeed", "fix_state" : "Fix deferred", "package_name" : "openshift-lightspeed/lightspeed-ocp-rag-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Fix deferred", "package_name" : "openshift-lightspeed/lightspeed-service-api-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "OpenShift Lightspeed", "fix_state" : "Fix deferred", "package_name" : "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9", "cpe" : "cpe:/a:redhat:openshift_lightspeed" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/de-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/de-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/de-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/ee-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-24/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/aap-cloud-metrics-collector-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/ansible-dev-tools-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/de-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/de-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/de-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/ee-cloud-services-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/ee-supported-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/ansible-dev-tools-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/de-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/de-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/ee-supported-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-26/lightspeed-chatbot-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform/ee-minimal-rhel8", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform/ee-minimal-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Ansible Automation Platform 2", "fix_state" : "Fix deferred", "package_name" : "ansible-automation-platform-tech-preview/ansible-devspaces-rhel9", "cpe" : "cpe:/a:redhat:ansible_automation_platform:2" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Fix deferred", "package_name" : "rhelai3/bootc-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3", "fix_state" : "Fix deferred", "package_name" : "rhelai3/disk-image-cuda-rhel9", "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3" }, { "product_name" : "Red Hat OpenShift AI (RHOAI)", "fix_state" : "Fix deferred", "package_name" : "rhoai/odh-llama-stack-core-rhel9", "cpe" : "cpe:/a:redhat:openshift_ai" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-22690\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-22690\nhttps://github.com/py-pdf/pypdf/commit/294165726b646bb7799be1cc787f593f2fdbcf45\nhttps://github.com/py-pdf/pypdf/pull/3594\nhttps://github.com/py-pdf/pypdf/releases/tag/6.6.0\nhttps://github.com/py-pdf/pypdf/security/advisories/GHSA-4xc4-762w-m6cg" ], "name" : "CVE-2026-22690", "csaw" : false }