
PEACH
Uma estrutura de isolamento de inquilino
CVE-2026-57204 is a Denial of Service (DoS) vulnerability in pypdf, a free and open-source pure-Python PDF library, caused by uncontrolled memory consumption when parsing maliciously crafted PDF files. The vulnerability affects all pypdf versions prior to 6.13.3 and was published on June 30, 2026, with the fix released on June 17, 2026. It carries a CVSS v4.0 base score of 6.9 (Medium) (GitHub Advisory, GitHub Advisory DB).
The root cause is classified as CWE-400 (Uncontrolled Resource Consumption) and CWE-770 (Allocation of Resources Without Limits or Throttling). pypdf defines a MAX_DECLARED_STREAM_LENGTH constant to cap the amount of data read from PDF content streams; however, this limit was not enforced when a stream lacked a /Length value in its dictionary. An attacker can craft a PDF with a content stream that omits the /Length field, causing pypdf to read and allocate memory without bound, leading to excessive memory usage. The fix, implemented in PR #3871, extends the MAX_DECLARED_STREAM_LENGTH enforcement to cover streams without an explicit length declaration (GitHub Advisory, PR #3871).
Successful exploitation causes excessive memory consumption on the host running pypdf, potentially exhausting available system memory and crashing the process or the host application. The impact is limited to availability — there is no confidentiality or integrity impact, and no lateral movement or data exfiltration risk is associated with this vulnerability. Applications that automatically process user-supplied or externally sourced PDF files (e.g., document management systems, web services) are most at risk of service disruption (GitHub Advisory, GitHub Advisory DB).
/Length dictionary entry, causing pypdf's stream parser to bypass the MAX_DECLARED_STREAM_LENGTH guard./var/log/syslog) recording OOM kill events for the affected process./Length stream entries (detectable via PDF forensic tools).Upgrade pypdf to version 6.13.3 or later, which enforces MAX_DECLARED_STREAM_LENGTH for all content streams regardless of whether a /Length value is present. For users unable to upgrade immediately, the changes from PR #3871 can be applied manually as a workaround. Additionally, consider implementing application-level controls such as file size limits and sandboxing PDF processing to reduce the blast radius of any DoS attempt (GitHub Advisory, Release 6.13.3).
Origem: Este relatório foi gerado usando IA
Avaliação de vulnerabilidade gratuita
Avalie suas práticas de segurança na nuvem em 9 domínios de segurança para comparar seu nível de risco e identificar lacunas em suas defesas.
Marque uma demonstração personalizada
"A melhor experiência do usuário que eu já vi, fornece visibilidade total para cargas de trabalho na nuvem."
"A Wiz fornece um único painel de vidro para ver o que está acontecendo em nossos ambientes de nuvem."
"Sabemos que se a Wiz identifica algo como crítico, na verdade é."