<Vulnerability name="CVE-2026-59937">
    <DocumentDistribution xml:lang="en">Copyright © 2012 Red Hat, Inc. All rights reserved.</DocumentDistribution>
    <ThreatSeverity>Moderate</ThreatSeverity>
    <PublicDate>2026-07-08T17:25:34</PublicDate>
    <Bugzilla id="2498170" url="https://bugzilla.redhat.com/show_bug.cgi?id=2498170" xml:lang="en:us">
pypdf: pypdf: Denial of Service via crafted PDF with malformed cross-reference streams
    </Bugzilla>
    <CVSS3 status="draft">
        <CVSS3BaseScore>6.5</CVSS3BaseScore>
        <CVSS3ScoringVector>CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H</CVSS3ScoringVector>
    </CVSS3>
    <CWE>CWE-1050</CWE>
    <Details xml:lang="en:us" source="Mitre">
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with repeated malformed cross-reference streams that cause pypdf to spend long runtimes recovering broken cross-reference table entries. This issue is fixed in version 6.14.0.
    </Details>
    <Details xml:lang="en:us" source="Red Hat">
A flaw was found in pypdf, a pure-python PDF library. A remote attacker could exploit this vulnerability by crafting a malicious PDF file containing repeated malformed cross-reference streams. This could cause the pypdf library to spend excessive time recovering broken cross-reference table entries, leading to a denial of service (DoS) condition for applications processing such files.
    </Details>
    <Statement xml:lang="en:us">
This Moderate-impact denial of service flaw in the pypdf library affects applications processing untrusted PDF files. An attacker could exploit this by providing a specially crafted PDF with malformed cross-reference streams, causing significantly extended processing time.
    </Statement>
    <PackageState cpe="cpe:/a:redhat:exploit_intelligence:0">
        <ProductName>Exploit Intelligence</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>exploit-intelligence-tech-preview/vulnerability-analysis-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_lightspeed">
        <ProductName>OpenShift Lightspeed</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>openshift-lightspeed/lightspeed-ocp-rag-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_lightspeed">
        <ProductName>OpenShift Lightspeed</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:ansible_automation_platform:2">
        <ProductName>Red Hat Ansible Automation Platform 2</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>ansible-automation-platform-25/lightspeed-chatbot-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>rhelai3/bootc-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>rhelai3/bootc-gaudi-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>rhelai3/bootc-rocm-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:enterprise_linux_ai:3">
        <ProductName>Red Hat Enterprise Linux AI (RHEL AI) 3</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>rhelai3/disk-image-cuda-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:openshift_ai">
        <ProductName>Red Hat OpenShift AI (RHOAI)</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>rhoai/odh-llama-stack-core-rhel9</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:quay:3">
        <ProductName>Red Hat Quay 3</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>quay/quay-rhel8</PackageName>
    </PackageState>
    <PackageState cpe="cpe:/a:redhat:quay:3">
        <ProductName>Red Hat Quay 3</ProductName>
        <FixState>Fix deferred</FixState>
        <PackageName>quay/quay-rhel9</PackageName>
    </PackageState>
    <References xml:lang="en:us">
https://www.cve.org/CVERecord?id=CVE-2026-59937
https://nvd.nist.gov/vuln/detail/CVE-2026-59937
https://github.com/py-pdf/pypdf/commit/b5fc5aa714f4b696fb9b1deaa35a9e4a4eb50dae
https://github.com/py-pdf/pypdf/pull/3887
https://github.com/py-pdf/pypdf/releases/tag/6.14.0
https://github.com/py-pdf/pypdf/security/advisories/GHSA-55h5-xmcq-c37v
    </References>
</Vulnerability>