CVE-2023-36464 Information

Description

pypdf is an open source pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is for example the case if the user extracted text from such a PDF. This issue was introduced in pull request 969 and resolved in pull request 1828. Users are advised to upgrade. Users unable to upgrade may modify the line while peek not in (b\ \ b\ \) in pypdf/generic/_data_structures.py to while peek not in (b\ \ b\ \ b\).

Reference

https://github.com/py-pdf/pypdf/pull/969 https://github.com/py-pdf/pypdf/pull/1828 https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8