NVD Vulnerability Detail

Search Exploit, PoC

NVD脆弱性検索トップ

->

NVD Vulnerability Detail

CVE-2026-41314

Summary	pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually.
Publication Date	April 23, 2026, 7:16 a.m.
Registration Date	April 25, 2026, 4:06 a.m.
Last Update	April 24, 2026, 11:50 p.m.

Related information, measures and tools

No	URL	refsource	タグ
1	https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11	security-advisories@github.com
2	https://github.com/py-pdf/pypdf/pull/3734	security-advisories@github.com
3	https://github.com/py-pdf/pypdf/releases/tag/6.10.2	security-advisories@github.com
4	https://github.com/py-pdf/pypdf/security/advisories/GHSA-x284-j5p8-9c5p	security-advisories@github.com

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-789	過剰なサイズ値のメモリ割り当て	https://cwe.mitre.org/data/definitions/789.html