Skip to content

Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Moderate
stefan6419846 published GHSA-87mj-5ggw-8qc3 Mar 23, 2026

Package

pip pypdf (pip)

Affected versions

< 6.9.2

Patched versions

>= 6.9.2

Description

Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode.

Patches

This has been fixed in pypdf==6.9.2.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #3693.

Severity

Moderate

CVE ID

CVE-2026-33699

Weaknesses

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop. Learn more on MITRE.

Credits