6.8
pypdf: Large PDF can exhaust your computer's memory
GHSA-7gw9-cf7v-778f
Summary
A malicious PDF file can cause your computer to run out of memory, leading to system slowdowns or crashes. This affects systems using the pypdf library to handle PDFs. To fix this, update to version 6.10.2 or apply a temporary patch from pull request #3734.
What to do
- Update pypdf to version 6.10.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| pip | – | pypdf | < 6.10.2 (fix: upgrade to 6.10.2) |
Original title
pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM
Original description
### Impact
An attacker who exploits this vulnerability can craft a PDF that exhausts RAM. This requires accessing a stream compressed using `/FlateDecode` with a `/Predictor` value other than 1 and large predictor parameters.
### Patches
This has been fixed in [pypdf==6.10.2](https://github.com/py-pdf/pypdf/releases/tag/6.10.2).
### Workarounds
If you cannot upgrade yet, consider applying the changes from PR [#3734](https://github.com/py-pdf/pypdf/pull/3734).
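A caller-side sanity check on the parameters this advisory names, as an added example that is not taken from pypdf or from PR #3734. It assumes the predictor parameters are the `/Colors`, `/BitsPerComponent` and `/Columns` entries of `/DecodeParms` as defined in the PDF specification; the function names and the `MAX_ROW_BYTES` cap are hypothetical.

```python
# Added example: pre-flight check for FlateDecode predictor parameters.
# MAX_ROW_BYTES is an assumed policy limit, not a value taken from pypdf.
MAX_ROW_BYTES = 16 * 1024 * 1024
VALID_PREDICTORS = {1, 2, 10, 11, 12, 13, 14, 15}
VALID_BPC = {1, 2, 4, 8, 16}


class PredictorParamsError(ValueError):
    """Raised when /DecodeParms describe an implausible row layout."""


def _int_param(parms, key, default):
    value = parms.get(key, default)
    if isinstance(value, bool) or not isinstance(value, int) or value < 1:
        raise PredictorParamsError(f"{key} must be a positive integer, got {value!r}")
    return value


def predictor_row_bytes(parms):
    """Bytes per decoded row implied by /DecodeParms (defaults per the PDF spec)."""
    colors = _int_param(parms, "/Colors", 1)
    bpc = _int_param(parms, "/BitsPerComponent", 8)
    columns = _int_param(parms, "/Columns", 1)
    if bpc not in VALID_BPC:
        raise PredictorParamsError(f"/BitsPerComponent {bpc} is not allowed")
    return (colors * bpc * columns + 7) // 8


def check_predictor_params(parms, inflated_len, max_row_bytes=MAX_ROW_BYTES):
    """Return the row size, or raise before any row-sized buffer is allocated."""
    predictor = _int_param(parms, "/Predictor", 1)
    if predictor not in VALID_PREDICTORS:
        raise PredictorParamsError(f"/Predictor {predictor} is not defined")
    if predictor == 1:
        return 0  # no prediction: the row parameters are not used
    row = predictor_row_bytes(parms)
    if predictor >= 10:
        row += 1  # PNG predictors prefix each row with a filter-type byte
    if row > max_row_bytes:
        raise PredictorParamsError(f"row of {row} bytes exceeds cap {max_row_bytes}")
    if 0 < inflated_len < row:
        raise PredictorParamsError(f"row of {row} bytes exceeds {inflated_len} bytes of data")
    return row
```

Pass the stream's `/DecodeParms` as a plain dict together with the length of the inflated data, and treat `PredictorParamsError` as a reason to skip or quarantine the file.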
ghsa CVSS4.0
6.8
Vulnerability type
CWE-789
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026