EXECUTIVE SUMMARY:
CVE-2026-33123 is a moderate-severity vulnerability (CVSS score: 5.1) affecting the pypdf library in versions prior to 6.9.1. It arises from inefficient decoding of array-based streams, where specially crafted PDF files containing large numbers of entries can trigger excessive processing. An attacker can exploit this weakness to cause significant CPU consumption and increased memory usage, leading to degraded performance or denial-of-service conditions. The issue does not require user interaction or elevated privileges, making it easier to exploit in environments that process untrusted PDF inputs. The vulnerability impacts system availability without affecting confidentiality or integrity. It is categorized under the uncontrolled resource consumption and inefficient algorithmic complexity weakness classes. Overall, this flaw highlights the risk of handling maliciously crafted PDF data in affected versions of the library.
RECOMMENDATION:
We strongly recommend you update pypdf to version 6.9.1.
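To find where the update is still needed, the following added example (not part of the advisory or of the pypdf project) checks the installed pypdf distribution and pinned entries in a requirements file against the fixed version 6.9.1. The function names and the sample requirement lines are constructed for illustration, and treating pre-releases of 6.9.1 as affected is a conservative assumption.

```python
import re
from importlib import metadata

FIXED = (6, 9, 1)  # first fixed pypdf release named in the advisory
_VER = re.compile(r"v?(\d+(?:\.\d+)*)(.*)", re.S)
_PRE = re.compile(r"[-_.]?(a|b|c|rc|alpha|beta|pre|preview|dev)\d*", re.I)
_REQ = re.compile(r"pypdf(?![\w.-])(?:\[[^\]]*\])?\s*(.*)", re.I)
_PIN = re.compile(r"==\s*(\d[^\s,;*]*)(?=\s|;|$)")

# Constructed sample input standing in for the lines of a requirements.txt.
SAMPLE = [
    "requests==2.32.3",
    "pypdf==6.8.0  # constructed: pinned below the fix",
    "pypdf[crypto]==6.9.1",
    "pypdf>=6.0",
    "pypdf-extras-demo==1.0",  # constructed name: a different distribution
]

def is_affected(version):
    """True if version sorts before 6.9.1 (pre-releases of 6.9.1 count as affected)."""
    m = _VER.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # "6.9" compares as 6.9.0
    if release != FIXED:
        return release < FIXED
    return _PRE.match(m.group(2)) is not None

def audit_requirements(lines):
    """Return (line_number, requirement, status) for every pypdf entry."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()
        m = _REQ.match(line)
        if not m:
            continue
        pin = _PIN.match(m.group(1))  # only an exact "==X.Y.Z" pin can be judged
        status = "review" if pin is None else ("affected" if is_affected(pin.group(1)) else "ok")
        findings.append((n, line, status))
    return findings

def installed_status():
    """Return (version, affected) for the installed pypdf, or None if absent."""
    try:
        v = metadata.version("pypdf")
    except metadata.PackageNotFoundError:
        return None
    return v, is_affected(v)
```

A "review" status means the entry is not an exact pin, so the version that actually gets resolved and installed has to be checked separately, for example with `installed_status()` inside the deployed environment.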
REFERENCES:
The following reports contain further technical details: