Pypi · Pypdf · CVE-2023-46250
**Name of the Vulnerable Software and Affected Versions**
pypdf versions 3.7.0 through 3.16.4
**Description**
The issue allows an attacker to craft a PDF that triggers an infinite loop, blocking the current process and consuming 100% of a single CPU core. Memory usage is not affected. The loop can be triggered when a user manipulates an incoming malicious PDF, for example by merging it with another PDF or by adding annotations.
**Recommendations**
For versions 3.7.0 through 3.16.4, update to version 3.17.0 to resolve the issue.
As a temporary workaround for versions 3.7.0 through 3.16.4, apply the patch manually by modifying `pypdf/generic/_data_structures.py`.
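To find deployments that still need the update, the affected range above can be checked against pinned requirements and the local environment. The following is an added example, not code from pypdf or from this advisory: the function names are hypothetical, only exact `==` pins are handled, and the sample requirements lines are constructed.

```python
import re
from importlib import metadata

AFFECTED_MIN = (3, 7, 0)   # first affected release per the advisory
AFFECTED_MAX = (3, 16, 4)  # last affected release per the advisory
FIXED = "3.17.0"           # release that resolves the issue

def parse_release(version):
    """Return the numeric release as a 3-tuple, or None if it cannot be parsed."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", version)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    return tuple((parts + [0, 0, 0])[:3])  # pad "3.7" to (3, 7, 0)

def is_affected(version):
    rel = parse_release(version)
    return rel is not None and AFFECTED_MIN <= rel <= AFFECTED_MAX

# Matches "pypdf==X" and "pypdf[extra]==X"; does not match other packages such as PyPDF2.
PIN = re.compile(r"\s*pypdf(?:\[[^\]]*\])?\s*==\s*([^\s;#]+)", re.IGNORECASE)

def audit_requirements(lines):
    """Return (line_number, version) for every exact pypdf pin in the affected range."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = PIN.match(line)
        if m and is_affected(m.group(1)):
            findings.append((number, m.group(1)))
    return findings

def installed_status():
    """Report on the pypdf distribution installed in the current environment, if any."""
    try:
        version = metadata.version("pypdf")
    except metadata.PackageNotFoundError:
        return "pypdf is not installed"
    if is_affected(version):
        return f"pypdf {version} is affected, update to {FIXED}"
    return f"pypdf {version} is outside the affected range"

# Constructed sample requirements file, for illustration only.
SAMPLE = [
    "requests==2.31.0",
    "pypdf==3.16.4  # pinned last quarter",
    "PyPDF2==3.0.1",
    "pypdf[crypto]==3.9.1 ; python_version >= '3.8'",
    "pypdf==3.17.0",
    "pypdf==3.6.0",
]

if __name__ == "__main__":
    for number, version in audit_requirements(SAMPLE):
        print(f"line {number}: pypdf {version} is affected, update to {FIXED}")
    print(installed_status())
```

Unpinned or range specifiers (for example `pypdf>=3.7`) are not resolved by this check; for those, `installed_status()` reports what is actually installed.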