{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-41312", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-04-20T14:01:46.671Z", "datePublished": "2026-04-22T21:02:53.156Z", "dateUpdated": "2026-04-23T13:45:30.296Z"}, "containers": {"cna": {"title": "pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM", "problemTypes": [{"descriptions": [{"cweId": "CWE-789", "lang": "en", "description": "CWE-789: Memory Allocation with Excessive Size Value", "type": "CWE"}]}], "metrics": [{"cvssV4_0": {"attackVector": "LOCAL", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "PASSIVE", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "version": "4.0"}}], "references": [{"name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f"}, {"name": "https://github.com/py-pdf/pypdf/pull/3734", "tags": ["x_refsource_MISC"], "url": "https://github.com/py-pdf/pypdf/pull/3734"}, {"name": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11", "tags": ["x_refsource_MISC"], "url": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11"}, {"name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2", "tags": ["x_refsource_MISC"], "url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2"}], "affected": [{"vendor": "py-pdf", "product": "pypdf", "versions": [{"version": "< 6.10.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-22T21:04:22.958Z"}, "descriptions": [{"lang": "en", "value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually."}], "source": {"advisory": "GHSA-7gw9-cf7v-778f", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-23T13:45:18.970091Z", "id": "CVE-2026-41312", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-23T13:45:30.296Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"title": "pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM", "source": {"advisory": "GHSA-7gw9-cf7v-778f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE"}}], "affected": [{"vendor": "py-pdf", "product": "pypdf", "versions": [{"status": "affected", "version": "< 6.10.2"}]}], "references": [{"url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f", "name": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/py-pdf/pypdf/pull/3734", "name": "https://github.com/py-pdf/pypdf/pull/3734", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11", "name": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11", "tags": ["x_refsource_MISC"]}, {"url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2", "name": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-789", "description": "CWE-789: Memory Allocation with Excessive Size Value"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-22T21:04:22.958Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-41312", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-23T13:45:18.970091Z"}}}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2026-04-23T13:45:25.607Z"}}]}, "cveMetadata": {"cveId": "CVE-2026-41312", "state": "PUBLISHED", "dateUpdated": "2026-04-22T21:04:22.958Z", "dateReserved": "2026-04-20T14:01:46.671Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-22T21:02:53.156Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pypdf_project:pypdf:*:*:*:*:*:*:*:*", "matchCriteriaId": "337052B5-CF2A-4226-8757-E09AB8B66A82", "versionEndExcluding": "6.10.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` unequal 1 and large predictor parameters. This has been fixed in pypdf 6.10.2. As a workaround, one may apply the changes from the patch manually."}], "id": "CVE-2026-41312", "lastModified": "2026-04-27T19:31:03.477", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-22T22:16:32.093", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/py-pdf/pypdf/pull/3734"}, {"source": "security-advisories@github.com", "tags": ["Release Notes"], "url": "https://github.com/py-pdf/pypdf/releases/tag/6.10.2"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-789"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{"bugzilla": {"description": "pypdf: pypdf: Denial of Service due to excessive memory consumption via specially crafted PDF", "id": "2460912", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2460912"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-770", "details": ["A flaw was found in pypdf. An attacker can craft a malicious PDF file containing a specially compressed stream. When this file is processed, it can lead to excessive memory consumption (RAM exhaustion), resulting in a Denial of Service (DoS) for the affected system."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability."}, "name": "CVE-2026-41312", "package_state": [{"cpe": "cpe:/a:redhat:lightspeed_core", "fix_state": "Fix deferred", "package_name": "lightspeed-core/rag-tool-rhel9", "product_name": "Lightspeed Core"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed/lightspeed-ocp-rag-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:openshift_lightspeed", "fix_state": "Fix deferred", "package_name": "openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9", "product_name": "OpenShift Lightspeed"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Fix deferred", "package_name": "ansible-automation-platform-25/lightspeed-chatbot-rhel8", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/bootc-rocm-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:enterprise_linux_ai:3", "fix_state": "Fix deferred", "package_name": "rhelai3/disk-image-cuda-rhel9", "product_name": "Red Hat Enterprise Linux AI (RHEL AI) 3"}, {"cpe": "cpe:/a:redhat:openshift_ai", "fix_state": "Fix deferred", "package_name": "rhoai/odh-llama-stack-core-rhel9", "product_name": "Red Hat OpenShift AI (RHOAI)"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Fix deferred", "package_name": "quay/quay-rhel9", "product_name": "Red Hat Quay 3"}], "public_date": "2026-04-22T21:02:53Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-41312\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-41312\nhttps://github.com/py-pdf/pypdf/commit/ac734dab4eef92bcce50d503949b4d9887d89f11\nhttps://github.com/py-pdf/pypdf/pull/3734\nhttps://github.com/py-pdf/pypdf/releases/tag/6.10.2\nhttps://github.com/py-pdf/pypdf/security/advisories/GHSA-7gw9-cf7v-778f"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,6.10.2)"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "pypdf", "source": "cna", "vendor": "py-pdf"}, "product": "pypdf", "vendor": "py-pdf"}], "analysis": {"en": {"generated_at": "2026-04-28T15:15:43.915985+00:00", "value": {"mitigation_remediation": ["Upgrade to pypdf version 6.10.2 or newer, which includes the fix for this resource\u2011exhaustion issue.", "If an upgrade cannot be performed immediately, apply the patch changes manually as described in the GitHub commit to constrain predictor parameters and prevent excessive memory allocation.", "Review any third\u2011party code that processes PDFs with pypdf and enforce validation to reject streams with predictor values greater than 1 or unusually large predictor parameters, thereby mitigating accidental exploitation."], "summary": {"action": "Apply Patch", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "Any installation of the py-pdf pypdf library with a version earlier than 6.10.2 is vulnerable. The flaw exists in the default PDF parser used by applications that import the library. No specific operating systems are mentioned, but any environment running Python and using pypdf for PDF handling is affected.", "description_and_impact": "The vulnerability in the pypdf library allows an attacker to craft a PDF containing a /FlateDecode stream with a /Predictor value other than 1 and large predictor parameters. When such a stream is processed, the library allocates excessive amounts of RAM, ultimately exhausting system memory. Because the library is pure Python, the memory exhaustion manifests as a denial of service in any process that parses the malicious PDF. This flaw is classified as CWE\u2011770 and CWE\u2011789, resource exhaustion.", "risk_and_exploitability": "The CVSS score of 4.8 indicates a moderate risk. The EPSS score is 0.00014 (less than 1%), and the vulnerability is not listed in the CISA KEV catalog. The exploit requires the attacker to supply a malicious PDF that is parsed by an application using the vulnerable library. As the PDF is a local input, the attack vector is inferred to be file\u2011based or local process input rather than remote network exploitation."}}}}, "created": "2026-04-22T22:30:28.631170+00:00", "updated": "2026-04-28T15:30:34.811355+00:00", "vendors": ["py-pdf", "py-pdf$PRODUCT$pypdf"]}