Sebastian Krause

**Name of the Vulnerable Software and Affected Versions** PyPDF2 versions prior to 1.27.5 **Description** The issue is related to the `ContentStream. readInlineImage` function in the PyPDF2 library, which can lead to an infinite loop if an attacker crafts a PDF that causes the code to attempt to get the content stream without properly checking if the stream has already ended. This can be exploited by a remote attacker to cause a denial of service using a specially created PDF file. The reason for this issue is that the last while-loop in `ContentStream. readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. **Recommendations** For versions prior to 1.27.5, upgrade to version 1.27.5 or later to resolve the issue. As a temporary workaround, consider validating PDFs prior to iterating over their content stream to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Siemens ETA4 firmware versions prior to Revision 08 **Description** The issue allows specially crafted packets sent to Port 2404/TCP to cause the affected device to go into defect mode, resulting in a Denial-of-Service. A cold start might be required to recover the system. **Recommendations** For versions prior to Revision 08, update the firmware to Revision 08 or later to resolve the issue. As a temporary workaround, consider restricting access to Port 2404/TCP to minimize the risk of exploitation.