CVE-2026-41314: CWE-789: Memory Allocation with Excessive Size Value in py-pdf pypdf
CVE-2026-41314 is a medium severity vulnerability in the pypdf library versions prior to 6.10.2. It involves memory allocation with an excessive size value when processing PDF images using /FlateDecode, which can lead to exhaustion of system RAM. This issue has been fixed in pypdf version 6.10.2. Users can also manually apply the patch changes as a workaround.
AI Analysis (machine-generated threat intelligence)
Technical Summary
The vulnerability CVE-2026-41314 affects the pypdf library, a pure-Python PDF processing tool. An attacker can craft a malicious PDF containing an image with a /FlateDecode filter specifying an excessively large size value. When pypdf processes this image, it attempts to allocate a large amount of memory, potentially exhausting RAM and causing denial of service. This flaw is classified under CWE-789 (Memory Allocation with Excessive Size Value). The issue is resolved in pypdf version 6.10.2.
Potential Impact
Successful exploitation can cause the consuming application to exhaust available RAM, potentially leading to denial of service or application crashes. There is no indication of code execution or data corruption beyond resource exhaustion. No known exploits are reported in the wild.
Mitigation Recommendations
A fix is available in pypdf version 6.10.2. Users should upgrade to this version to remediate the vulnerability. Alternatively, users may manually apply the patch changes from the official fix if immediate upgrading is not possible. No other mitigation steps are specified.
CVSS v4.0 score: 4.8 (Medium)
Weaknesses: CWE-789 (Memory Allocation with Excessive Size Value)
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-04-20T14:01:46.671Z
- CVSS Version: 4.0
- State: PUBLISHED
- Remediation Level: null
Threat ID: 69e93e1919fe3cd2cdf2afe3
Added to database: 4/22/2026, 9:31:05 PM
Last enriched: 4/30/2026, 8:14:10 AM
Last updated: 6/6/2026, 5:41:22 AM
Views: 77