NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41312

Summary	pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
Publication Date	April 23, 2026, 7:16 a.m.
Registration Date	April 25, 2026, 4:06 a.m.
Last Update	April 24, 2026, 11:50 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11	security-advisories@github.com
2	https://github.com/py-pdf/pypdf/pull/3734	security-advisories@github.com
3	https://github.com/py-pdf/pypdf/releases/tag/6.10.2	security-advisories@github.com
4	https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-789	過剰なサイズ値のメモリ割り当て	https://cwe.mitre.org/data/definitions/789.html