We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
Assigner | GitHub_M |
Reserved | 2023-10-19 |
Published | 2023-10-31 |
Updated | 2024-09-05 |
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
https://github.com/py-pdf/pypdf/security/advisories/GHSA-wjcc-cq79-p63f
https://github.com/py-pdf/pypdf/pull/2264
https://github.com/py-pdf/pypdf/commit/9b23ac3c9619492570011d551d521690de9a3e2d