GHSA-wjqc-6w8f-h24cMedium
pypdf: Manipulated XMP metadata streams can exhaust RAM
🔗 CVE IDs covered (1)
📋 Description
Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing large XMP metadata, possibly with lots of unnecessary elements.
Patches
This has been fixed in pypdf==6.12.1.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3796.
🎯 Affected products1
- pip/pypdf:< 6.12.1