We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.
Please see our statement on Data Privacy.
pypdf is a free and open-source pure-python PDF library. An attacker who uses a vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations. The issue was fixed in version 3.17.0. As a workaround, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.
Reserved 2023-10-19 | Published 2023-10-31 | Updated 2024-09-05 | Assigner GitHub_MCWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
github.com/.../pypdf/security/advisories/GHSA-wjcc-cq79-p63f
github.com/py-pdf/pypdf/pull/2264
github.com/...ommit/9b23ac3c9619492570011d551d521690de9a3e2d
Support options