CVE-2026-59938
Received Received - Intake

Memory Exhaustion in PyPDF Image Parsing

Vulnerability report for CVE-2026-59938, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-08

Last updated on: 2026-07-08

Assigner: GitHub, Inc.

Description

pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-08
Last Modified
2026-07-08
Generated
2026-07-09
AI Q&A
2026-07-08
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
py_pdf pypdf 6.14.0

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-789 The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2026-59938 is a vulnerability in the pypdf library prior to version 6.14.0 where an attacker can craft a PDF file with image size values declared much larger than the actual image data. This causes the library to allocate excessive memory during image parsing, leading to potential resource exhaustion.

The issue arises because the library does not limit the requested image size, allowing malicious PDFs to trigger large memory usage. This vulnerability was fixed in version 6.14.0 by introducing a maximum buffer size limit for images, preventing excessive memory allocation.

Impact Analysis

This vulnerability can lead to denial-of-service (DoS) attacks by causing the application using pypdf to consume excessive memory when processing maliciously crafted PDF files.

Such excessive memory usage can result in system slowdowns, crashes, or unavailability of services that rely on pypdf for PDF processing.

Detection Guidance

This vulnerability involves processing maliciously crafted PDF files with image size declarations that are excessively large compared to the actual data, causing high memory usage during image parsing in pypdf versions prior to 6.14.0.

To detect this vulnerability on your system, you can check the version of the pypdf library installed. If it is older than 6.14.0, your system is potentially vulnerable.

Suggested commands to check the installed pypdf version:

  • pip show pypdf
  • pip list | grep pypdf

Additionally, monitoring for unusually high memory usage or crashes when processing PDF files with images could indicate exploitation attempts.

Mitigation Strategies

The primary mitigation step is to upgrade the pypdf library to version 6.14.0 or later, where the vulnerability has been fixed by enforcing limits on image size during parsing.

If upgrading immediately is not possible, applying the patch from pull request #3888 can serve as a temporary workaround. This patch introduces a maximum buffer size limit for images to prevent excessive memory allocation.

In general, avoid processing untrusted PDF files or implement additional input validation and resource monitoring to detect and prevent potential denial-of-service conditions.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-59938. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart