Nixpkgs security tracker

Untriaged

Permalink CVE-2026-33123

created 4 weeks, 1 day ago

pypdf has inefficient decoding of array-based streams

pypdf is a free and open-source pure-python PDF library. Versions prior to 6.9.1 allow an attacker to craft a malicious PDF which leads to long runtimes and/or large memory usage. Exploitation requires accessing an array-based stream with many entries. This issue has been fixed in version 6.9.1.

References

https://github.com/py-pdf/pypdf/security/advisories/GHSA-qpxp-75px-xjcp x_refsource_CONFIRM
https://github.com/py-pdf/pypdf/pull/3686 x_refsource_MISC
https://github.com/py-pdf/pypdf/releases/tag/6.9.1 x_refsource_MISC

Affected products

pypdf

==< 6.9.1

Matching in nixpkgs

pkgs.capypdf

Fully color managed PDF generation library

nixos-unstable 0.20.0
- nixpkgs-unstable 0.20.0
- nixos-unstable-small 0.20.0
nixos-25.11 0.18.0
- nixos-25.11-small 0.18.0
- nixpkgs-25.11-darwin 0.18.0

pkgs.python312Packages.pypdf

Pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files

nixos-25.11 6.8.0
- nixos-25.11-small 6.8.0
- nixpkgs-25.11-darwin 6.8.0

pkgs.python313Packages.pypdf

Pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files

nixos-unstable 6.8.0
- nixpkgs-unstable 6.8.0
- nixos-unstable-small 6.8.0
nixos-25.11 6.8.0
- nixos-25.11-small 6.8.0
- nixpkgs-25.11-darwin 6.8.0

pkgs.python314Packages.pypdf

Pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files

nixos-unstable 6.8.0
- nixpkgs-unstable 6.8.0
- nixos-unstable-small 6.8.0

pkgs.python312Packages.pypdf2

Pure-Python library built as a PDF toolkit

nixos-25.11 pypdf2-3.0.1
- nixos-25.11-small pypdf2-3.0.1
- nixpkgs-25.11-darwin pypdf2-3.0.1

pkgs.python312Packages.pypdf3

Pure-Python library built as a PDF toolkit

nixos-25.11 pypdf3-1.0.6
- nixos-25.11-small pypdf3-1.0.6
- nixpkgs-25.11-darwin pypdf3-1.0.6

pkgs.python313Packages.pypdf2

Pure-Python library built as a PDF toolkit

nixos-unstable pypdf2-3.0.1
- nixpkgs-unstable pypdf2-3.0.1
- nixos-unstable-small pypdf2-3.0.1
nixos-25.11 pypdf2-3.0.1
- nixos-25.11-small pypdf2-3.0.1
- nixpkgs-25.11-darwin pypdf2-3.0.1

pkgs.python313Packages.pypdf3

Pure-Python library built as a PDF toolkit

nixos-unstable pypdf3-1.0.6
- nixpkgs-unstable pypdf3-1.0.6
- nixos-unstable-small pypdf3-1.0.6
nixos-25.11 pypdf3-1.0.6
- nixos-25.11-small pypdf3-1.0.6
- nixpkgs-25.11-darwin pypdf3-1.0.6