pypdf@6.14.0

A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

  • latest version

    6.14.2

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    21 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the pypdf package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Infinite loop

    pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

    Affected versions of this package are vulnerable to Infinite loop in the inline image decoding code in pypdf/generic/_image_inline.py. An attacker can hang text extraction or other content-stream parsing by supplying a PDF page with an unterminated inline image that uses the ASCII85 or ASCIIHex filter. When ContentStream._read_inline_image parses such malformed content, the decoder keeps scanning for the inline-image terminator instead of stopping at the end of the stream, so a crafted document can drive the parser into an endless loop and freeze the application processing the PDF.

    Notes

    • The infinite-loop path is in the inline-image readers for the A85 and AHx filters, so PDFs that use other inline-image encodings are not part of this issue.
    • The hang shows up while parsing a page content stream, such as during text extraction or any other operation that walks ContentStream; document rendering paths that do not parse inline image data are outside this scope.

    How to fix Infinite loop?

    Upgrade pypdf to version 6.14.2 or higher.

    [,6.14.2)
    • H
    Infinite loop

    pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

    Affected versions of this package are vulnerable to Infinite loop in ContentStream._read_inline_image in pypdf/generic/_data_structures.py. An attacker can hang text extraction or any other content-stream parse by supplying a PDF with an unclosed inline image, causing the parser to keep scanning for the end marker after reaching the end of the stream. This locks up the parsing thread and can prevent the application from finishing processing the affected document.

    How to fix Infinite loop?

    Upgrade pypdf to version 6.14.1 or higher.

    [,6.14.1)