CVE-2026-31826

Опубликовано: 10 мар. 2026

Источник: redhat

CVSS3: 6.5

Описание

A flaw was found in pypdf, a pure-Python PDF library. An attacker can craft a malicious PDF file containing a content stream with an intentionally large /Length value. When this PDF is parsed, it can lead to excessive memory consumption, resulting in a Denial of Service (DoS) condition due to resource exhaustion.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние
OpenShift Lightspeed	openshift-lightspeed/lightspeed-ocp-rag-rhel9	Fix deferred
OpenShift Lightspeed	openshift-lightspeed/lightspeed-service-api-rhel9	Fix deferred
OpenShift Lightspeed	openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9	Fix deferred
Red Hat Enterprise Linux AI (RHEL AI) 3	rhelai3/bootc-cuda-rhel9	Fix deferred
Red Hat Enterprise Linux AI (RHEL AI) 3	rhelai3/disk-image-cuda-rhel9	Fix deferred
Red Hat OpenShift AI (RHOAI)	rhoai/odh-llama-stack-core-rhel9	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-770

https://bugzilla.redhat.com/show_bug.cgi?id=2446336pypdf: pypdf: Denial of Service due to excessive memory consumption via crafted PDF

6.5 Medium

CVSS3

Связанные уязвимости

CVE-2026-31826

CVSS3: 5.5

ubuntu

17 дней назад

pypdf is a free and open-source pure-python PDF library. Prior to 6.8.0, an attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream. This vulnerability is fixed in 6.8.0.