Thanks to visit codestin.com
Credit goes to github.com

Skip to content

fix(deps): Update security vulnerability in pypdf to v6.7.4 [SECURITY]#4248

Open
utic-renovate[bot] wants to merge 1 commit intomainfrom
renovate/security-updates
Open

fix(deps): Update security vulnerability in pypdf to v6.7.4 [SECURITY]#4248
utic-renovate[bot] wants to merge 1 commit intomainfrom
renovate/security-updates

Conversation

@utic-renovate
Copy link
Contributor

@utic-renovate utic-renovate bot commented Feb 19, 2026
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
pypdf (changelog) 6.7.36.7.4 age confidence

GitHub Vulnerability Alerts

CVE-2026-28351

Impact

An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter.

Patches

This has been fixed in pypdf==6.7.4.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #​3664.

Release Notes

py-pdf/pypdf (pypdf)

v6.7.4

Compare Source

Security (SEC)
  • Improve the performance of the ASCIIHexDecode filter (#​3666)

Full Changelog

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

@utic-renovate utic-renovate bot changed the title fix(deps): Update security vulnerability in pypdf to v6.7.1 [SECURITY] fix(deps): Update security vulnerability in pypdf to v6.7.1 [SECURITY] - autoclosed Feb 20, 2026
@utic-renovate utic-renovate bot closed this Feb 20, 2026
@utic-renovate utic-renovate bot deleted the renovate/security-updates branch February 20, 2026 00:41
@utic-renovate utic-renovate bot changed the title fix(deps): Update security vulnerability in pypdf to v6.7.1 [SECURITY] - autoclosed fix(deps): Update security vulnerability in pypdf to v6.7.2 [SECURITY] Feb 25, 2026
@utic-renovate utic-renovate bot reopened this Feb 25, 2026
@utic-renovate utic-renovate bot force-pushed the renovate/security-updates branch 2 times, most recently from cfa90a8 to 8cb13f7 Compare February 25, 2026 18:30
@utic-renovate utic-renovate bot changed the title fix(deps): Update security vulnerability in pypdf to v6.7.2 [SECURITY] fix(deps): Update security vulnerability in pypdf to v6.7.2 [SECURITY] - autoclosed Feb 25, 2026
@utic-renovate utic-renovate bot closed this Feb 25, 2026
@utic-renovate utic-renovate bot changed the title fix(deps): Update security vulnerability in pypdf to v6.7.2 [SECURITY] - autoclosed fix(deps): Update security vulnerability in pypdf to v6.7.4 [SECURITY] Mar 2, 2026
@utic-renovate utic-renovate bot reopened this Mar 2, 2026
@utic-renovate utic-renovate bot force-pushed the renovate/security-updates branch from 8cb13f7 to 41dd139 Compare March 2, 2026 00:39
@utic-renovate utic-renovate bot force-pushed the renovate/security-updates branch from 41dd139 to c736c86 Compare March 2, 2026 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants