CVE-2026-41312 vulnerabilities

Vulnerabilities for packages: open-webui, litellm, nemo...

CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

UBUNTU-CVE-2026-41312

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

CVE-2026-41312 pypdf: Manipulated FlateDecode predictor parameters can exhaust RAM

pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions prior to 6.10.2 can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor...

aiagents4pharma (>=1.45.0 <=1.48.1), aiagents4pharma-ansh (=0.0.0) +20 more potentially affected by CVE-2026-41312 via pypdf (>=6.0.0 <=6.10.1)

pypdf PYPI version =6.0.0, =1.45.0, =1759155233.0.0, =0.3.0, =4.7.6, =1.0.0, =0.6.27, =0.0.24, =0.0.25 and more Source cves: CVE-2026-41312 Source advisory: SNYK:PYTHON-PYPDF-16097901...

3m (>=0.1.0 <=0.1.3), a2d-diary (>=0.1.0 <=0.1.5) +1779 more potentially affected by CVE-2026-41312 via pypdf2 (>=1.24.0 <=3.0.1)

pypdf2 PYPI version =1.24.0, =0.1.0, =0.1.0, =1.1.0, =0.0.0.1, =0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.2, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1038 and more Source cves: CVE-2026-41312 Source advisory: SNYK:PYTHON-PYPDF2-16097902...