PT-2022-7123 · Pypi+1 · Pypdf+1
Exiledkingcc · Published 2022-06-10 · Updated 2026-04-29 · CVE-2023-36464
CVSS v3.1: 6.2 (Medium)
Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
pypdf versions prior to 3.9.0
Description
The issue is related to the execution of __parse_content_stream, which can enter an infinite loop if a crafted PDF is used. This can occur, for example, when a user extracts text from such a PDF. The infinite loop can block the current process and keep a single CPU core at 100% utilization. It does not affect memory usage.
Recommendations
For versions prior to 3.9.0, upgrade to pypdf>=3.9.0 to resolve the issue.
If you cannot update your version of pypdf, modify the line while peek not in (b"\r", b"\n") in pypdf/generic/_data_structures.py to while peek not in (b"\r", b"\n", b"").
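The workaround adds b"" to the loop's terminators because a Python binary stream's read(1) returns b"" at end of input, a value the original tuple never matches. The following added example (not pypdf's code; skip_line, compare and the MAX_READS guard are hypothetical names, and the sample inputs are constructed) models that loop condition on an in-memory stream:

```python
import io

EOL = (b"\r", b"\n")      # terminators in the line quoted by the advisory
MAX_READS = 10_000        # demo guard so the unpatched loop can be observed safely


def skip_line(stream, terminators, max_reads=MAX_READS):
    """Read one byte at a time until a terminator is seen.

    Returns (finished, reads). finished is False when the guard tripped,
    meaning the loop would have spun forever without it.
    """
    peek = stream.read(1)
    reads = 1
    while peek not in terminators:
        if reads >= max_reads:
            return False, reads
        peek = stream.read(1)   # at end of input this is b"" on every call
        reads += 1
    return True, reads


def compare(data):
    """Run the unpatched and patched terminator sets over the same bytes."""
    unpatched = skip_line(io.BytesIO(data), EOL)
    patched = skip_line(io.BytesIO(data), EOL + (b"",))
    return unpatched, patched


if __name__ == "__main__":
    # Constructed inputs: one line that ends with a newline, one that is cut off.
    for sample in (b"abc\n", b"abc"):
        unpatched, patched = compare(sample)
        print(f"{sample!r}: unpatched={unpatched} patched={patched}")
```

With the newline present both variants stop after four reads; without it only the variant that treats b"" as a terminator stops, which is the CPU-bound hang the description refers to.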
Infinite Loop
Weakness Enumeration
Related Identifiers
Affected Products
Astra Linux
Pypdf