You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
Learn more on MITRE.
kodareef5 Reporter
stefan6419846 Analyst
Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata.
Patches
This has been fixed in pypdf==6.10.0.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3724.