Description
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.1, an attacker can craft a PDF with a page content stream containing a not terminated inline image, causing an infinite loop during inline image end marker detection such as when extracting page text. This issue is fixed in version 6.14.1.
Problem types
CWE-400: Uncontrolled Resource Consumption
Product status
References
github.com/.../pypdf/security/advisories/GHSA-5xf7-4p34-54qr
github.com/py-pdf/pypdf/pull/3891
github.com/...ommit/ec3b14596186c40caca7cf8ab9b2155203e01b5b
github.com/py-pdf/pypdf/releases/tag/6.14.1