3 matches found
Allocation of Resources Without Limits or Throttling
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the FlateDecode class. An attacker can cause excessive resource consumptio...
GHSA-9MVC-8737-8J8H pypdf possibly has long runtimes for malformed FlateDecode streams
Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. Patches This has been fixed in pypdf==6.7.1. Workarounds If you cannot upgrade yet, consider applying the chang...
Infinite loop
Overview pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files Affected versions of this package are vulnerable to Infinite loop in the children function in generic/datastructures.py, which fails to return from nodes with cyclic links in a...