Listen to this Post
How the CVE Works
The vulnerability is an XML Entity Expansion (XEE) attack, also known as a “Billion Laughs” attack, residing in pypdf’s XMP metadata parser. XMP metadata is stored within a PDF as an XML stream, and pypdf processes this XML using an XML parser. An attacker can craft a malicious PDF file that includes a Document Type Definition (DTD) in the XMP metadata with nested, recursive entity declarations. For example, a DTD might define an entity `a` that expands to a very long string, which then references another entity `b` that expands to multiple copies of a, and so on. When pypdf’s XML parser processes this DTD, it expands these entities recursively. Due to the lack of proper restrictions on the depth or size of entity expansions in the vulnerable versions, this process leads to an exponential expansion of the input text. Consequently, a small malicious XMP stream (a few kilobytes) can trigger the allocation of a massive amount of memory (potentially hundreds of megabytes or even gigabytes) within the parser, leading to memory exhaustion. The parsing of the XMP metadata is triggered automatically when pypdf reads a PDF file to extract its metadata, making this a passive vulnerability that requires no special user interaction beyond processing the file. The attack surface is limited to applications that parse XMP metadata from untrusted PDFs using pypdf. The vulnerability is classified under CWE-776, which pertains to improper restriction of recursive entity references in DTDs (‘XML Entity Expansion’).
DailyCVE Form
Platform: pypdf
Version: <6.10.0
Vulnerability: XEE memory exhaustion
Severity: Moderate
date: 2026-04-10
Prediction: 2026-04-10
What Undercode Say:
Bash Commands to Identify Vulnerable Instances:
Check installed pypdf version pip show pypdf | grep Version Find all Python environments with pypdf < 6.10.0 find / -name "pypdf" -type d 2>/dev/null | while read d; do if [ -f "$d/<strong>init</strong>.py" ]; then grep -E "^<strong>version</strong>" "$d/<strong>init</strong>.py" | grep -v "6.10.0" fi done
Python Code to Detect Vulnerable pypdf:
import pkg_resources
try:
version = pkg_resources.get_distribution("pypdf").version
if version < "6.10.0":
print(f"VULNERABLE: pypdf version {version}")
else:
print(f"SAFE: pypdf version {version}")
except pkg_resources.DistributionNotFound:
print("pypdf not installed")
Exploit:
A successful exploit requires crafting a PDF with a malicious XMP metadata section containing a DTD with recursive entity declarations. For example:
<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <!DOCTYPE xmp [ <!ENTITY a "aaaaaaaaaa"> <!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;"> <!ENTITY c "&b;&b;&b;&b;&b;&b;&b;&b;&b;&b;"> <!-- More nested expansions to exhaust memory --> ]> <x:xmpmeta ...> ... </x:xmpmeta>
When a vulnerable pypdf version parses this XMP metadata, the entity expansion leads to exponential memory consumption, causing a Denial of Service (DoS) by exhausting available RAM.
Protection from this CVE
- Upgrade pypdf: Immediately upgrade to pypdf==6.10.0 or any later version, which contains the patch that mitigates this vulnerability.
- Apply Patch Manually: If an immediate upgrade is not possible, manually apply the changes from the official fix in Pull Request 3724 on GitHub.
- Disable XMP Parsing: As a temporary workaround, modify your application to avoid processing XMP metadata from untrusted PDF files. You can disable the parsing of XMP metadata by overriding the relevant methods or using a custom PDF parser that does not process XMP streams.
Impact
- Denial of Service (DoS): Successful exploitation leads to excessive memory consumption, potentially exhausting all available system RAM.
- Application Crash: The memory exhaustion causes the application using pypdf to crash or become completely unresponsive.
- System Instability: In shared environments, memory exhaustion can affect other processes running on the same system, leading to broader system instability.
- Widespread Exposure: The vulnerability affects all versions of pypdf prior to 6.10.0, making it a significant risk for any application that processes untrusted PDF files using this library.
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: github.com
Extra Source Hub:
Undercode

