First published: Tue Jun 27 2023(Updated: )
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.
Credit: security-advisories@github.com
Affected Software | Affected Version | How to fix |
---|---|---|
Pypdf Project Pypdf | <3.9.0 | |
Pypdf2 Project Pypdf2 | >=2.2.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.