CVE Vulnerabilities

CVE-2026-41314

Memory Allocation with Excessive Size Value

Published: Apr 22, 2026 | Modified: Apr 27, 2026
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
5.5 MODERATE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using /FlateDecode with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.

Weakness

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Affected Software

NameVendorStart VersionEnd Version
PypdfPypdf_project*6.10.2 (excluding)
Pypdf2Ubuntuesm-apps/xenial*

Potential Mitigations

References