Impact
An attacker who exploits this vulnerability can craft a PDF that exhausts the available RAM when it is processed. Exploitation requires that the xfa property of a reader or writer is accessed and that the corresponding stream is compressed using /FlateDecode.
Patches
This has been fixed in pypdf==6.7.3.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3658.
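The general defence against this class of problem is to cap how much output a /FlateDecode (zlib) stream may produce. The sketch below is an added example, not pypdf's code and not the change made in PR #3658; the names bounded_inflate, OutputLimitExceeded and MAX_OUTPUT, and the 10 MiB limit, are assumptions chosen for illustration.

```python
import zlib

# Hypothetical cap for illustration; pick a value that fits your workload.
MAX_OUTPUT = 10 * 1024 * 1024  # 10 MiB


class OutputLimitExceeded(ValueError):
    """Raised when a stream would inflate past the configured limit."""


def bounded_inflate(data: bytes, limit: int = MAX_OUTPUT,
                    chunk: int = 64 * 1024) -> bytes:
    """Inflate zlib data, never holding more than limit + 1 output bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    pending = data
    while not d.eof:
        # max_length bounds the output of this call. Asking for one byte
        # past the limit lets us tell "exactly at the limit" from "over it".
        piece = d.decompress(pending, min(chunk, limit - len(out) + 1))
        out += piece
        if len(out) > limit:
            raise OutputLimitExceeded(f"stream inflates past {limit} bytes")
        # Input that was not consumed because the output cap was reached.
        pending = d.unconsumed_tail
        if not piece and not pending:
            break  # truncated input: nothing more can be produced
    return bytes(out)


if __name__ == "__main__":
    # Constructed sample: 1 MiB of zero bytes shrinks to about 1 KiB.
    sample = zlib.compress(b"\0" * (1 << 20))
    print(len(sample), "compressed bytes")
    print(len(bounded_inflate(sample)), "bytes within the default limit")
    try:
        bounded_inflate(sample, limit=64 * 1024)
    except OutputLimitExceeded as exc:
        print("rejected:", exc)
```

A one-shot zlib.decompress(data) call allocates the full output before any size check can run, which is why the cap has to be enforced during decompression.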