GHSA-g9xf-7f8q-9mcjMedium
pypdf: Possible infinite loop when processing threads/articles in writer
🔗 CVE IDs covered (1)
📋 Description
Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with threads/articles into a writer.
Patches
This has been fixed in pypdf==6.13.1.
Workarounds
If users cannot upgrade yet, consider applying the changes from PR #3839.
🎯 Affected products1
- pip/pypdf:< 6.13.1