CVE-2026-41314
Received Received - Intake
Memory Exhaustion via FlateDecode Image in pypdf Before

Publication date: 2026-04-22

Last updated on: 2026-04-27

Assigner: GitHub, Inc.

Description
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-22
Last Modified
2026-04-27
Generated
2026-06-16
AI Q&A
2026-04-23
EPSS Evaluated
2026-06-15
NVD
CVE-2026-41314
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
pypdf_project pypdf to 6.10.2 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in pypdf, a pure-python PDF library, in versions prior to 6.10.2. An attacker can craft a specially designed PDF file that uses the /FlateDecode filter with large size values for an image. When this PDF is processed, it causes the system's RAM to be exhausted, potentially leading to denial of service or application crashes.

Impact Analysis

This vulnerability can impact you by causing your system or application that uses the vulnerable pypdf library to consume excessive RAM when processing a maliciously crafted PDF. This can lead to performance degradation, application crashes, or denial of service conditions.

Mitigation Strategies

To mitigate this vulnerability, you should upgrade pypdf to version 6.10.2 or later where the issue has been fixed.

As a temporary workaround, you may manually apply the changes from the patch that fixes the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-41314. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart