CVE-2026-31826
Memory Exhaustion Vulnerability in pypdf Content Stream Parsing
Publication date: 2026-03-10
Last updated on: 2026-03-17
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pypdf_project | pypdf | < 6.8.0 (6.8.0 itself is not affected) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in pypdf, a pure-Python PDF library. Before version 6.8.0, an attacker could craft a PDF file that causes the library to consume a large amount of memory. The cause is that the content-stream parser honours a very large /Length value from the stream dictionary even when the actual stream data that follows is much smaller, so an attacker-controlled number, not the bytes actually present in the file, drives how much memory is requested (CWE-770: allocation without limits).
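The following is an added example, not pypdf's own code and not the fix that shipped in 6.8.0. It models the failure mode described above with a small regex-based stream reader: the naive reader allocates whatever /Length claims, the bounded reader treats /Length as a hint that must be backed by bytes actually present in the file and by an endstream keyword at the expected position. The minimal PDF is constructed inline (no xref table, so it is not a conformant file, but it is enough for this reader); the 64 MiB per-stream cap and the 4,000,000-byte declared length are assumed values, a real crafted file would claim gigabytes. Only direct integer /Length values are handled; an indirect reference such as "/Length 5 0 R" would need object resolution and is left out.

```python
import re

# Stream dictionary with a direct integer /Length, followed by the data start.
# Assumption: no nested dictionaries between /Length and the closing ">>".
STREAM_RE = re.compile(rb"/Length\s+(\d+)\b[^>]*>>\s*stream\r?\n")

MAX_STREAM = 64 * 1024 * 1024  # assumed per-stream policy cap (example value)


def find_streams(pdf):
    """Yield (declared_length, data_start_offset) for every direct-/Length stream."""
    for m in STREAM_RE.finditer(pdf):
        yield int(m.group(1)), m.end()


def naive_read_stream(pdf, declared, start):
    """Model of the vulnerable behaviour: allocate what /Length claims.
    The size is attacker-controlled; the file may hold only a few bytes."""
    buf = bytearray(declared)
    chunk = pdf[start:start + declared]
    buf[:len(chunk)] = chunk
    return bytes(buf)


def bounded_read_stream(pdf, declared, start):
    """Hardened reader: /Length is only trusted if it is physically possible
    and the bytes right after it are an 'endstream' keyword. Otherwise the
    real extent is recovered by searching for the keyword."""
    remaining = len(pdf) - start
    if declared <= min(remaining, MAX_STREAM):
        end = start + declared
        # the spec allows an EOL before 'endstream': \r\n, \n or none
        if re.match(rb"\s*endstream", pdf[end:end + 11]):
            return pdf[start:end]
    # /Length is untrustworthy; fall back to locating the keyword. This is a
    # heuristic: binary stream data could itself contain 'endstream'.
    idx = pdf.find(b"endstream", start)
    if idx < 0:
        raise ValueError("unterminated stream")
    data = pdf[start:idx]
    # drop the single EOL the writer places before 'endstream'
    if data.endswith(b"\r\n"):
        data = data[:-2]
    elif data.endswith((b"\n", b"\r")):
        data = data[:-1]
    return data


def suspicious_streams(pdf):
    """Triage check for crafted files: streams whose declared /Length exceeds
    the number of bytes left in the file. Returns [(declared, available), ...]."""
    out = []
    for declared, start in find_streams(pdf):
        available = len(pdf) - start
        if declared > available:
            out.append((declared, available))
    return out


def build_pdf(content, declared_length):
    """Constructed minimal one-page PDF with one content stream."""
    return (b"%PDF-1.4\n"
            b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
            b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
            b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
            b"4 0 obj << /Length " + str(declared_length).encode() + b" >>\n"
            b"stream\n" + content + b"\nendstream\nendobj\n"
            b"%%EOF\n")


CONTENT = b"BT /F1 12 Tf 72 700 Td (hello) Tj ET"   # constructed sample data
BENIGN = build_pdf(CONTENT, len(CONTENT))             # /Length is honest
CRAFTED = build_pdf(CONTENT, 4_000_000)               # claims 4 MB, carries ~36 bytes

if __name__ == "__main__":
    for name, pdf in (("benign", BENIGN), ("crafted", CRAFTED)):
        declared, start = next(find_streams(pdf))
        print(name, "declared", declared, "file size", len(pdf),
              "bounded read", len(bounded_read_stream(pdf, declared, start)),
              "flagged", suspicious_streams(pdf))
    declared, start = next(find_streams(CRAFTED))
    print("naive read allocates", len(naive_read_stream(CRAFTED, declared, start)), "bytes")
```

Running the block shows the bounded reader returning the same 36 bytes for both files while the naive reader hands back a 4,000,000-byte buffer for the crafted one; the suspicious_streams check is cheap enough to run over a mail gateway's or upload handler's PDF queue before any full parse.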
How can this vulnerability impact me?
The impact is excessive memory consumption when a maliciously crafted PDF is processed. Any service that accepts untrusted PDFs and passes them to a vulnerable pypdf (upload handlers, mail scanners, document converters) can be driven into a denial of service: memory is exhausted, the process is killed or becomes unresponsive, and on a shared host other workloads may be affected. No code execution or data disclosure is described for this issue.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
No standard-specific impact is documented for this issue. Its effect is on availability rather than confidentiality or integrity; whether that creates an obligation under a given regulation depends on what the affected system does and the data it handles.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection is an inventory task: find every Python environment that has pypdf installed and compare the version against 6.8.0. On a host, pip show pypdf or pip list reports the installed version, and pypdf.__version__ reports it from inside the interpreter; any value below 6.8.0 is affected. Remember to check virtual environments, containers and lock files (requirements.txt, poetry.lock, Pipfile.lock), not just the system interpreter. For files in transit, a crafted PDF of this kind can be triaged by checking whether any stream's declared /Length is larger than the file itself.
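An added helper for the inventory step above, not part of pypdf or of this advisory. It reads the installed version through importlib.metadata and compares it against the fixed release; the version parser is deliberately minimal (enough for pypdf's X.Y.Z with an optional rc/post suffix, not full PEP 440) and should be replaced by the packaging library where that is available. The distribution name "pypdf" is the real one; the sample version strings in the main block are constructed.

```python
import re
from importlib import metadata

FIXED = (6, 8, 0)                       # first release that is not affected
PRE_RELEASE_TAGS = ("a", "b", "rc", "dev")


def parse_version(v):
    """Return (numeric triple, is_prerelease) for strings like '6.7.1',
    '6.8.0rc1' or '6.8.0.post1'. Minimal by design, not a PEP 440 parser."""
    nums, pre = [], False
    for part in v.split("."):
        m = re.match(r"(\d*)(.*)", part)
        if m.group(1):
            nums.append(int(m.group(1)))
        suffix = m.group(2).lower()
        if suffix:
            # 'rc1', 'a2', 'dev3' precede the release; 'post1' follows it
            pre = suffix.startswith(PRE_RELEASE_TAGS)
            break
    if not nums:
        raise ValueError(f"unparseable version: {v!r}")
    while len(nums) < 3:
        nums.append(0)
    return tuple(nums[:3]), pre


def is_vulnerable(v):
    """True when the version is below 6.8.0, or is a pre-release of 6.8.0."""
    nums, pre = parse_version(v)
    return nums < FIXED or (nums == FIXED and pre)


def check_installed(dist="pypdf"):
    """Return (version, vulnerable) for the installed distribution, or None
    when it is not installed in this interpreter's environment."""
    try:
        v = metadata.version(dist)
    except metadata.PackageNotFoundError:
        return None
    return v, is_vulnerable(v)


if __name__ == "__main__":
    for sample in ("3.17.4", "6.7.9", "6.8.0rc1", "6.8.0", "6.8.0.post1", "7.0.0"):
        print(sample, "vulnerable" if is_vulnerable(sample) else "ok")
    print("installed:", check_installed())
```

Run it once per interpreter you care about (system Python, each virtualenv, inside each container image); a None result means pypdf is absent there, not that it is safe elsewhere.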
What immediate steps should I take to mitigate this vulnerability?
Upgrade pypdf to version 6.8.0 or later, where the issue is fixed, and pin that minimum in your dependency files. Until the upgrade is deployed, reduce exposure by processing untrusted PDFs in an isolated worker with a memory limit (for example a container or cgroup memory cap, or a resource limit on the process) so that a crafted file takes down only that worker rather than the host.