CVE-2022-24859

Name of the Vulnerable Software and Affected Versions PyPDF2 versions prior to 1.27.5

Description The issue is related to the ContentStream. readInlineImage function in the PyPDF2 library, which can lead to an infinite loop if an attacker crafts a PDF that causes the code to attempt to get the content stream without properly checking if the stream has already ended. This can be exploited by a remote attacker to cause a denial of service using a specially created PDF file. The reason for this issue is that the last while-loop in ContentStream. readInlineImage only terminates when it finds the EI token, but never actually checks if the stream has already ended.

Recommendations For versions prior to 1.27.5, upgrade to version 1.27.5 or later to resolve the issue. As a temporary workaround, consider validating PDFs prior to iterating over their content stream to minimize the risk of exploitation.