7.3
Adobe Acrobat and pypdf PDF parsing errors can cause RAM exhaustion
GHSA-x284-j5p8-9c5p
Summary
A flaw in Adobe Acrobat and pypdf can cause a malicious PDF to crash your system by consuming all available memory. This can happen if an attacker crafts a PDF containing an image whose size values are too large. To stay safe, update to the latest version of pypdf or apply a patch from the developers.
What to do
- Update stefan6419846 pypdf to version 6.10.2.
Affected software
| Ecosystem | Vendor | Product | Affected versions |
|---|---|---|---|
| PyPI | stefan6419846 | pypdf | < 6.10.2 (fix: upgrade to 6.10.2) |
Original title
pypdf: Manipulated FlateDecode image dimensions can exhaust RAM
Original description
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing an image using `/FlateDecode` with large size values.
### Patches
This has been fixed in [pypdf==6.10.2](https://github.com/py-pdf/pypdf/releases/tag/6.10.2).
### Workarounds
If you cannot upgrade yet, consider applying the changes from PR [#3734](https://github.com/py-pdf/pypdf/pull/3734).
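For code that inflates `/FlateDecode` image streams itself, one way to bound memory is to check the raster size the image dictionary declares before decoding and to cap inflation at that size. This is an added example, not pypdf's code and not the change in PR #3734. It assumes no `/DecodeParms` predictor and only device colour spaces; `MAX_IMAGE_BYTES`, `declared_size` and `safe_flate_decode` are hypothetical names.

```python
import zlib

MAX_IMAGE_BYTES = 64 * 1024 * 1024  # assumed per-image budget; tune per host
COMPONENTS = {"/DeviceGray": 1, "/DeviceRGB": 3, "/DeviceCMYK": 4}


class ImageTooLarge(ValueError):
    """Declared or inflated size exceeds what we are willing to allocate."""


def declared_size(width, height, bpc, colorspace):
    """Bytes of raster implied by /Width, /Height, /BitsPerComponent, /ColorSpace."""
    if width <= 0 or height <= 0 or bpc not in (1, 2, 4, 8, 16):
        raise ValueError("implausible image dictionary values")
    if colorspace not in COMPONENTS:
        raise ValueError(f"unsupported colour space {colorspace!r}")
    row_bytes = (width * COMPONENTS[colorspace] * bpc + 7) // 8  # rows are byte-aligned
    return row_bytes * height


def safe_flate_decode(data, width, height, bpc, colorspace, limit=MAX_IMAGE_BYTES):
    """Inflate an image stream only if its declared raster fits the budget."""
    expected = declared_size(width, height, bpc, colorspace)
    if expected > limit:  # reject on the dictionary alone, before any allocation
        raise ImageTooLarge(f"declared raster is {expected} bytes, limit {limit}")
    # Cap inflation at one byte past the declared size so a stream that
    # expands further than its dictionary claims is caught, not buffered.
    out = zlib.decompressobj().decompress(data, expected + 1)
    if len(out) > expected:
        raise ImageTooLarge("stream inflates beyond its declared raster size")
    if len(out) < expected:
        raise ValueError("stream is shorter than its declared raster size")
    return out


if __name__ == "__main__":
    # Constructed sample: a 2x2 RGB raster (12 bytes) and its compressed form.
    pixels = bytes(range(12))
    stream = zlib.compress(pixels)
    print(safe_flate_decode(stream, 2, 2, 8, "/DeviceRGB") == pixels)
    try:
        # Same small stream, but the dictionary declares a 100000x100000 image.
        safe_flate_decode(stream, 100000, 100000, 8, "/DeviceRGB")
    except ImageTooLarge as exc:
        print("rejected:", exc)
```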
osv CVSS4.0
7.3
Vulnerability type
CWE-789
Published: 16 Apr 2026 · Updated: 16 Apr 2026 · First seen: 16 Apr 2026