Denial of Service Vulnerability in pypdf by PyPDF
CVE-2026-41314

4.8 MEDIUM

Key Information:

Vendor: Py-PDF
Status: Vendor
CVE Published: 22 April 2026

What is CVE-2026-41314?

The pypdf library, an open-source pure-Python PDF handling tool, is susceptible to a denial of service vulnerability in versions before 6.10.2. An attacker can exploit this flaw by crafting a specially formatted PDF that triggers excessive RAM consumption during decoding, specifically when a /FlateDecode stream is decoded with large size parameters. This can result in service interruptions and degraded performance for any application that parses untrusted PDFs with pypdf. The issue is fixed in pypdf version 6.10.2, and users are encouraged to update or apply the patch manually to safeguard against potential exploitation.
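As an added illustration of the failure mode described above (this is not code from pypdf or from the advisory): decoding a Flate stream under a hard output budget, so that a small stream which expands to many megabytes is rejected before that memory is ever allocated. The sample stream is constructed here; the specific size parameters the advisory refers to are not reproduced.

```python
import zlib

# Constructed sample input (not taken from any real malicious PDF): a few KiB of
# Flate-compressed data that inflates to 8 MiB. A naive zlib.decompress() call
# would allocate the full 8 MiB because the output size is the attacker's choice.
INFLATED_SIZE = 8 * 1024 * 1024
BOMB = zlib.compress(b"\x00" * INFLATED_SIZE, 9)


class FlateTooLarge(ValueError):
    """Raised when a /FlateDecode stream would expand past the configured budget."""


def bounded_inflate(data: bytes, max_output: int, chunk: int = 64 * 1024) -> bytes:
    """Inflate a /FlateDecode stream body, refusing to grow beyond max_output bytes.

    zlib.decompressobj().decompress(data, max_length) yields at most `chunk` bytes
    per call and parks the unprocessed input in unconsumed_tail, so the budget is
    checked incrementally instead of after the whole stream has been expanded.
    """
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while pending:
        out += d.decompress(pending, chunk)
        if len(out) > max_output:
            raise FlateTooLarge(f"stream expands beyond {max_output} bytes")
        pending = d.unconsumed_tail  # input zlib did not consume yet
    out += d.flush()
    if len(out) > max_output:
        raise FlateTooLarge(f"stream expands beyond {max_output} bytes")
    return bytes(out)


def inflated_size_within_budget(data: bytes, max_output: int) -> bool:
    """True if the stream decodes within max_output bytes, False if it would exceed it."""
    try:
        bounded_inflate(data, max_output)
    except FlateTooLarge:
        return False
    return True


if __name__ == "__main__":
    print("compressed size:", len(BOMB))
    print("fits in 1 MiB budget:", inflated_size_within_budget(BOMB, 1024 * 1024))
```

The same budget check applies to any size the decoder derives from stream parameters (row width, image dimensions, component count): compare the expected output against a limit before allocating, not after.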

Affected Version(s)

pypdf < 6.10.2

CVSS V4

Score: 4.8
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Required: None
Privileges Required: Undefined
User Interaction: Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved
