Denial of Service Vulnerability in pypdf PDF Library by PyPDF
CVE-2026-41312

4.8 MEDIUM

Key Information:

Vendor

Py-PDF

Status
Vendor
CVE Published:
22 April 2026

What is CVE-2026-41312?

The pypdf library, a popular open-source Python PDF management tool, contains a vulnerability affecting versions prior to 6.10.2: a specially crafted PDF file can cause excessive RAM usage when it is processed, potentially leading to a denial of service condition. The issue is triggered when specific compression streams are decoded, in particular streams that use the '/FlateDecode' filter together with a '/Predictor' value that is not equal to 1 and large predictor parameters. The developers have released a patch in version 6.10.2 to resolve this issue; users are advised to upgrade to that version or to apply the changes from the provided patch manually.
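As an added example, not taken from the advisory or from the pypdf project, the following Python pre-filter scans the raw bytes of an untrusted PDF for /DecodeParms dictionaries whose predictor would require an oversized row buffer, so such files can be rejected or quarantined before they reach a vulnerable pypdf version. The keys /Columns, /Colors and /BitsPerComponent are the PDF specification's predictor parameters; which of them the advisory means by "large predictor parameters", and the 1 MiB per-row threshold, are assumptions.

```python
import re
from math import ceil

# Constructed sample (not a real file): three stream dictionaries as they
# would appear inside PDF objects. Object 1 declares a predictor with a huge
# /Columns value, object 2 is a normal-sized predictor, object 3 uses
# /Predictor 1 (no prediction) and so is outside the advisory's description.
SAMPLE_PDF = (
    b"1 0 obj\n<< /Filter /FlateDecode /DecodeParms "
    b"<< /Predictor 12 /Columns 3000000000 /Colors 4 /BitsPerComponent 8 >> >>\n"
    b"2 0 obj\n<< /Filter /FlateDecode /DecodeParms "
    b"<< /Predictor 12 /Columns 1024 >> >>\n"
    b"3 0 obj\n<< /Filter /FlateDecode /DecodeParms "
    b"<< /Predictor 1 /Columns 3000000000 >> >>\n"
)

# Matches a /DecodeParms dictionary; handles the single-dictionary form only,
# not the array form used with filter chains.
DECODEPARMS_RE = re.compile(rb"/DecodeParms\s*<<(.*?)>>", re.DOTALL)
PARAM_RE = re.compile(rb"/(Predictor|Columns|Colors|BitsPerComponent)\s+(\d+)")

def predictor_row_bytes(parms):
    """Bytes per predictor row, using the PDF spec's DecodeParms defaults."""
    columns = parms.get("Columns", 1)
    colors = parms.get("Colors", 1)
    bpc = parms.get("BitsPerComponent", 8)
    return ceil(columns * colors * bpc / 8)

def find_risky_predictors(data, max_row_bytes=1 << 20):
    """Return (offset, predictor, row_bytes) for every predictor stream whose
    declared row size exceeds max_row_bytes (the threshold is an assumption)."""
    hits = []
    for m in DECODEPARMS_RE.finditer(data):
        parms = {k.decode(): int(v) for k, v in PARAM_RE.findall(m.group(1))}
        predictor = parms.get("Predictor", 1)
        if predictor == 1:
            continue  # no prediction applied; not the case the advisory describes
        row = predictor_row_bytes(parms)
        if row > max_row_bytes:
            hits.append((m.start(), predictor, row))
    return hits

def pypdf_is_patched(version):
    """True when a plain pypdf version string (e.g. '6.10.2') is 6.10.2 or later."""
    parts = tuple(int(p) for p in version.split(".")[:3])
    return parts >= (6, 10, 2)

if __name__ == "__main__":
    for offset, predictor, row in find_risky_predictors(SAMPLE_PDF):
        print(f"offset {offset}: /Predictor {predictor}, row size {row} bytes")
    print("pypdf 6.10.1 patched:", pypdf_is_patched("6.10.1"))
```

This is a coarse heuristic: streams stored inside compressed object streams, or parameters given as indirect references, are invisible to a byte-level regex, so upgrading to 6.10.2 remains the actual fix.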

Affected Version(s)

pypdf < 6.10.2

References

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
