Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large /Length value, regardless of the actual data length inside the stream.
Patches
This has been fixed in pypdf==6.8.0.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3675.
As far as we are aware, this mostly affects reading from buffers of unknown size, as returned by open("file.pdf", mode="rb") for example. Passing a file path or a BytesIO buffer to pypdf instead does not seem to trigger the vulnerability.
iconnnjka Reporter
stefan6419846 Analyst
Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing a content stream with a rather large
/Lengthvalue, regardless of the actual data length inside the stream.Patches
This has been fixed in pypdf==6.8.0.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3675.
As far as we are aware, this mostly affects reading from buffers of unknown size, as returned by
open("file.pdf", mode="rb")for example. Passing a file path or aBytesIObuffer to pypdf instead does not seem to trigger the vulnerability.