{
  "threat_severity" : "Moderate",
  "public_date" : "2026-02-25T02:45:37Z",
  "bugzilla" : {
    "description" : "pypdf: possible infinite loop when loading circular /Prev entries in cross-reference streams",
    "id" : "2442543",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2442543"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-835",
  "details" : [ "pypdf is a free and open-source pure-python PDF library. Prior to 6.7.2, an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading the file. This has been fixed in pypdf 6.7.2. As a workaround, one may apply the patch manually.", "A flaw was found in pypdf. Processing a specially crafted PDF document, specifically with circular /Prev references in the cross-reference (xref) chain, can cause an infinite loop and a high consumption of CPU, resulting in a denial of service." ],
  "statement" : "To exploit this flaw, an attacker must be able to supply a crafted PDF file to be processed by an application using the pypdf library. This issue can cause the application to enter an infinite loop and consume a high amount of CPU resources, eventually resulting in a denial of service with no other security impact. Due to these reasons, this vulnerability has been rated with a moderate impact.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift AI 2.25",
    "release_date" : "2026-04-23T00:00:00Z",
    "advisory" : "RHSA-2026:10184",
    "cpe" : "cpe:/a:redhat:openshift_ai:2.25::el9",
    "package" : "rhoai/odh-llama-stack-core-rhel9:1775144403"
  }, {
    "product_name" : "Red Hat Quay 3.1",
    "release_date" : "2026-03-24T00:00:00Z",
    "advisory" : "RHSA-2026:5665",
    "cpe" : "cpe:/a:redhat:quay:3.10::el8",
    "package" : "quay/quay-rhel8:1773971077"
  }, {
    "product_name" : "Red Hat Quay 3.12",
    "release_date" : "2026-03-18T00:00:00Z",
    "advisory" : "RHSA-2026:4942",
    "cpe" : "cpe:/a:redhat:quay:3.12::el8",
    "package" : "quay/quay-rhel8:1773771962"
  }, {
    "product_name" : "Red Hat Quay 3.15",
    "release_date" : "2026-04-03T00:00:00Z",
    "advisory" : "RHSA-2026:6568",
    "cpe" : "cpe:/a:redhat:quay:3.15::el8",
    "package" : "quay/quay-rhel8:1775169219"
  }, {
    "product_name" : "Red Hat Quay 3.16",
    "release_date" : "2026-04-02T00:00:00Z",
    "advisory" : "RHSA-2026:6497",
    "cpe" : "cpe:/a:redhat:quay:3.16::el9",
    "package" : "quay/quay-rhel9:1775069491"
  }, {
    "product_name" : "Red Hat Quay 3.16",
    "release_date" : "2026-04-03T00:00:00Z",
    "advisory" : "RHSA-2026:6567",
    "cpe" : "cpe:/a:redhat:quay:3.16::el9",
    "package" : "quay/quay-rhel9:1775169226"
  }, {
    "product_name" : "Red Hat Quay 3.9",
    "release_date" : "2026-03-19T00:00:00Z",
    "advisory" : "RHSA-2026:5168",
    "cpe" : "cpe:/a:redhat:quay:3.9::el8",
    "package" : "quay/quay-rhel8:1773936323"
  } ],
  "package_state" : [ {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Affected",
    "package_name" : "openshift-lightspeed/lightspeed-ocp-rag-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Affected",
    "package_name" : "openshift-lightspeed/lightspeed-service-api-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "OpenShift Lightspeed",
    "fix_state" : "Affected",
    "package_name" : "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9",
    "cpe" : "cpe:/a:redhat:openshift_lightspeed"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Will not fix",
    "package_name" : "rhelai3/bootc-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  }, {
    "product_name" : "Red Hat Enterprise Linux AI (RHEL AI) 3",
    "fix_state" : "Will not fix",
    "package_name" : "rhelai3/disk-image-cuda-rhel9",
    "cpe" : "cpe:/a:redhat:enterprise_linux_ai:3"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2026-27628\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-27628\nhttps://github.com/py-pdf/pypdf/commit/0fbd95938724ad2d72688d4112207c0590f0483f\nhttps://github.com/py-pdf/pypdf/issues/3654\nhttps://github.com/py-pdf/pypdf/security/advisories/GHSA-2rw7-x74f-jg35" ],
  "name" : "CVE-2026-27628",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}