PT-2023-29930 · Pypi · Pypdf

Alex Huszagh · Published 2023-10-31 · Updated 2023-11-08 · CVE-2023-46250

CVSS v3.1: 5.1 (Medium)
Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: pypdf versions 3.7.0 through 3.16.4

Description: The issue allows an attacker to craft a PDF that leads to an infinite loop, blocking the current process and pinning a single CPU core at 100%. Memory usage is not affected. The loop can be triggered when a user manipulates an incoming malicious PDF, for example by merging it with another PDF or by adding annotations.

Recommendations: For versions 3.7.0 through 3.16.4, update to version 3.17.0 to resolve the issue. As a temporary workaround for versions 3.7.0 through 3.16.4, apply the patch manually by modifying pypdf/generic/_data_structures.py.
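As an added illustration (not code from pypdf or from this advisory), the following models the bug class the description names: a tokenizer that reads a stream byte by byte until a line ending keeps receiving `b""` once the stream is exhausted, so the loop never exits, while a version that checks for end of stream fails fast instead. The function names, the comment-skipping loop, the iteration cap and the sample inputs are assumptions made for the illustration; the advisory does not state pypdf's exact faulty loop.

```python
import io


class PdfStreamError(Exception):
    """Raised when the stream ends where the tokenizer still expects data."""


def skip_comment_unbounded(stream: io.BytesIO, max_iterations: int = 10_000) -> int:
    """Model of the vulnerable pattern (assumed, not pypdf's code).

    Reads one byte at a time until a CR or LF. At end of stream read(1)
    returns b"" forever, which is neither CR nor LF, so the loop would spin
    indefinitely. The max_iterations cap exists only so this demonstration
    terminates; it returns -1 to signal that the cap was hit.
    """
    consumed = 0
    tok = stream.read(1)
    while tok not in (b"\r", b"\n"):
        consumed += 1
        if consumed >= max_iterations:
            return -1  # without the cap this would never return
        tok = stream.read(1)
    return consumed


def skip_comment_checked(stream: io.BytesIO) -> int:
    """Hardened form: treat an empty read as a terminating condition."""
    consumed = 0
    tok = stream.read(1)
    while tok not in (b"\r", b"\n"):
        if not tok:  # end of stream reached before the line ending
            raise PdfStreamError("unexpected end of stream inside comment")
        consumed += 1
        tok = stream.read(1)
    return consumed


if __name__ == "__main__":
    # Constructed inputs: a well-formed comment and one cut off at end of file.
    well_formed = b"%comment\nnext token"
    truncated = b"%comment with no line ending"
    print(skip_comment_checked(io.BytesIO(well_formed)))   # bytes consumed up to LF
    print(skip_comment_unbounded(io.BytesIO(truncated)))   # -1: hit the cap
    try:
        skip_comment_checked(io.BytesIO(truncated))
    except PdfStreamError as exc:
        print("checked version stopped:", exc)
```

A defender testing a parser for this class of bug feeds it inputs that end mid-construct and runs the parse under a timeout; a parse that neither returns nor raises is the finding.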

Weakness Enumeration

Infinite Loop

Related Identifiers

CVE-2023-46250
GHSA-WJCC-CQ79-P63F

Affected Products

Pypdf