Pypdf: Manipulated XMP Metadata Entity Declarations Can Exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. Patches This has been fixed in "pypdf==6.10.0" https://github.com/py-pdf/pypdf/releases/tag/6.10.0. Workarounds If you cannot upgrade yet, consider applying th...

pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream

Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode. Patches This has been fixed in pypdf==6.9.2. Workarounds If users cannot upgrade yet, consider applying the changes from PR 3693...

pypdf: Manipulated RunLengthDecode streams can exhaust RAM

Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream using the RunLengthDecode filter. Patches This has been fixed in pypdf==6.7.4. Workarounds If you cannot upgrade yet, consider applying the changes from PR 36...

pypdf possibly has long runtimes for malformed FlateDecode streams

Impact An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires a malformed /FlateDecode stream, where the byte-by-byte decompression is used. Patches This has been fixed in pypdf==6.7.1. Workarounds If you cannot upgrade yet, consider applying the chang...