Pypi · Pypdf · CVE-2023-36810
**Name of the Vulnerable Software and Affected Versions**
pypdf versions prior to 1.27.9
**Description**
The issue is an algorithmic complexity flaw in the pypdf library. An attacker can craft a PDF that causes an unexpectedly long runtime, blocking the current process and keeping a single CPU core at 100% utilization. Memory usage is not affected.
**Recommendations**
For versions prior to 1.27.9, upgrade to version 1.27.9 or later to resolve the issue.
As a temporary workaround, consider restricting the use of the pypdf library until a patch is applied.
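To find where the upgrade is still pending, the following added example (not part of the advisory or of the pypdf project) audits requirements-style lines against the 1.27.9 threshold stated above. The function names and the sample lines are constructed for illustration, and the version comparison is a simplified stand-in for full PEP 440 ordering.

```python
import re

FIXED = (1, 27, 9)    # first fixed release named in the advisory
PACKAGES = {"pypdf"}  # project name as the advisory gives it (normalized)
_NAME = re.compile(r"\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?")
_CLAUSE = re.compile(r"(===|==|~=|>=|<=|!=|>|<)\s*([0-9][\w.!+*-]*)")

def is_fixed(version):
    """True if the release is at or past FIXED; a pre-release of FIXED is not."""
    nums = re.match(r"\d+(?:\.\d+)*", version).group(0)
    rel = [int(p) for p in nums.split(".")]
    rel = tuple(rel + [0] * (3 - len(rel)))
    pre = re.match(r"[._-]?(a|b|rc|dev)", version[len(nums):], re.I)
    return rel > FIXED or (rel == FIXED and not pre)

def classify(requirement):
    """None for other packages, else 'ok', 'affected' or 'allows-affected'."""
    spec = requirement.split("#")[0].split(";")[0]  # drop comments and markers
    m = _NAME.match(spec)
    if not m or re.sub(r"[-_.]+", "-", m.group(1)).lower() not in PACKAGES:
        return None
    clauses = _CLAUSE.findall(spec[m.end():])
    exact = [v for op, v in clauses if op in ("==", "===") and "*" not in v]
    if exact:
        return "ok" if is_fixed(exact[0]) else "affected"
    # No exact pin: safe only if a lower bound already excludes older releases.
    lower = [v for op, v in clauses if op in (">=", ">", "~=", "==")]
    return "ok" if any(is_fixed(v) for v in lower) else "allows-affected"

def audit(lines):
    """Return (line_number, text, verdict) for each entry needing attention."""
    checked = ((n, l.strip(), classify(l)) for n, l in enumerate(lines, 1))
    return [f for f in checked if f[2] not in (None, "ok")]

# Constructed sample input, not taken from any real project.
SAMPLE = """\
requests==2.31.0
pypdf==1.27.8
PyPDF>=1.26,<2   # range reaches below the fix
pypdf==1.27.9
pypdf
pypdf<3,>=1.27.9 ; python_version >= "3.8"
pypdf==1.27.9rc1
""".splitlines()

if __name__ == "__main__":
    for n, text, verdict in audit(SAMPLE):
        print(f"line {n}: {verdict}: {text}")
```

An `allows-affected` verdict means the specifier does not rule out a release below 1.27.9, so the resolved version in the lock file or environment still needs checking.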