CVE-2026-41313
Received Received - Intake
Denial of Service via Large Trailer in pypdf Before

Publication date: 2026-04-22

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to long runtimes. This requires loading a PDF with a large trailer `/Size` value in incremental mode. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-27
Generated
2026-05-06
AI Q&A
2026-04-23
EPSS Evaluated
2026-05-05
NVD
CVE-2026-41313
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pypdf_project pypdf to 6.10.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-834 The product performs an iteration or loop without sufficiently limiting the number of times that the loop is executed.
Attack-Flow Graph
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade pypdf to version 6.10.2 or later, where the issue has been fixed.

As a temporary workaround, you may manually apply the changes from the patch that fixes the vulnerability.


Can you explain this vulnerability to me?

The vulnerability exists in the pypdf library versions prior to 6.10.2. An attacker can craft a specially designed PDF file that contains a large trailer `/Size` value when loaded in incremental mode. This crafted PDF causes the library to experience long runtimes, potentially leading to performance degradation or denial of service.

This issue has been fixed in pypdf version 6.10.2, and as a workaround, users can manually apply the patch changes.


How can this vulnerability impact me? :

This vulnerability can impact you by causing long runtimes or performance issues when processing maliciously crafted PDF files using vulnerable versions of pypdf. This could lead to denial of service conditions or resource exhaustion on systems that automatically process PDFs.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects pypdf versions prior to 6.10.2 when loading PDFs with a large trailer `/Size` value in incremental mode, causing long runtimes.

To detect if your system is vulnerable, first check the installed version of pypdf.

  • Run the command: pip show pypdf

If the version is earlier than 6.10.2, your system may be vulnerable.

There are no specific network detection commands or signatures available from the provided information.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart