CVE-2026-41314
Memory Exhaustion via FlateDecode Image in pypdf Before
Publication date: 2026-04-22
Last updated on: 2026-04-27
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| pypdf_project | pypdf | to 6.10.2 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-789 | The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability exists in pypdf, a pure-python PDF library, in versions prior to 6.10.2. An attacker can craft a specially designed PDF file that uses the /FlateDecode filter with large size values for an image. When this PDF is processed, it causes the system's RAM to be exhausted, potentially leading to denial of service or application crashes.
How can this vulnerability impact me? :
This vulnerability can impact you by causing your system or application that uses the vulnerable pypdf library to consume excessive RAM when processing a maliciously crafted PDF. This can lead to performance degradation, application crashes, or denial of service conditions.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should upgrade pypdf to version 6.10.2 or later where the issue has been fixed.
As a temporary workaround, you may manually apply the changes from the patch that fixes the vulnerability.