python · pypdf · Heads-up
pypdf Denial of Service via Crafted Cross-Reference Stream
What changed
A security vulnerability in pypdf allows crafted PDFs with cross-reference streams using /W [0 0 0] and large /Size values to cause long runtimes, leading to potential denial of service.
Who it affects
All users of pypdf prior to version 6.12.0 who process untrusted PDF files.
What to do today
Upgrade to pypdf==6.12.0, or apply the changes from PR #3791 if an immediate upgrade is not possible.
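For services that accept uploads and cannot be upgraded immediately, the following pre-screen flags the pattern described above (a cross-reference stream dictionary with /W [0 0 0] and a large /Size) in the raw bytes before the file reaches the parser. It is an added example, not code from pypdf or the advisory; `SIZE_LIMIT`, the function names and the two sample fragments are assumptions constructed for illustration, and the check is a heuristic that complements the upgrade rather than replacing it.

```python
import re

SIZE_LIMIT = 100_000  # assumed policy threshold for this example, not a pypdf setting

_TYPE_XREF = re.compile(rb"/Type\s*/XRef\b")
_W = re.compile(rb"/W\s*\[\s*(\d{1,9})\s+(\d{1,9})\s+(\d{1,9})\s*\]")
_SIZE = re.compile(rb"/Size\s+(\d{1,20})")  # digit cap keeps int() cheap on hostile input
_DELIM = re.compile(rb"<<|>>")


def _enclosing_dict(data: bytes, pos: int) -> bytes:
    """Return the << ... >> dictionary containing offset pos, or b'' if not found."""
    depth, start = 0, -1
    # Walk backwards (bounded window) to the unmatched '<<' that opens the dictionary.
    for m in reversed(list(_DELIM.finditer(data, max(0, pos - 4096), pos))):
        depth += 1 if m.group() == b">>" else -1
        if depth < 0:
            start = m.start()
            break
    if start < 0:
        return b""
    depth = 0
    # Walk forwards to the '>>' that balances it, so nested dictionaries are included.
    for m in _DELIM.finditer(data, start):
        depth += 1 if m.group() == b"<<" else -1
        if depth == 0:
            return data[start:m.end()]
    return b""


def suspicious_xref_streams(data: bytes, size_limit: int = SIZE_LIMIT) -> list[dict]:
    """Flag /Type /XRef dictionaries whose /W widths are all zero and /Size is large."""
    findings = []
    for hit in _TYPE_XREF.finditer(data):
        d = _enclosing_dict(data, hit.start())
        w, size = _W.search(d), _SIZE.search(d)
        if not (w and size):
            continue  # indirect or name-escaped values are not handled by this heuristic
        widths = [int(x) for x in w.groups()]
        n = int(size.group(1))
        if sum(widths) == 0 and n > size_limit:
            findings.append({"offset": hit.start(), "W": widths, "Size": n})
    return findings


# Constructed dictionary fragments for testing the check (not complete PDF files).
BENIGN = b"1 0 obj\n<< /Type /XRef /Size 12 /W [1 2 1] /Root 2 0 R /Length 48 >>\nstream\n"
FLAGGED = b"1 0 obj\n<< /Type /XRef /Size 99999999 /W [0 0 0] /Root 2 0 R /Length 0 >>\nstream\n"
```
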
Source
GitHub Advisory · pypdf