pypdf@6.14.1

A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

  • latest version

    6.14.2

  • latest non vulnerable version

  • first published

    12 years ago

  • latest version published

    20 days ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the pypdf package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Infinite loop

    pypdf is an A pure-python PDF library capable of splitting, merging, cropping, and transforming PDF files

    Affected versions of this package are vulnerable to Infinite loop in the inline image decoding code in pypdf/generic/_image_inline.py. An attacker can hang text extraction or other content-stream parsing by supplying a PDF page with an unterminated inline image that uses the ASCII85 or ASCIIHex filter. When ContentStream._read_inline_image parses such malformed content, the decoder keeps scanning for the inline-image terminator instead of stopping at the end of the stream, so a crafted document can drive the parser into an endless loop and freeze the application processing the PDF.

    Notes

    • The infinite-loop path is in the inline-image readers for the A85 and AHx filters, so PDFs that use other inline-image encodings are not part of this issue.
    • The hang shows up while parsing a page content stream, such as during text extraction or any other operation that walks ContentStream; document rendering paths that do not parse inline image data are outside this scope.

    How to fix Infinite loop?

    Upgrade pypdf to version 6.14.2 or higher.

    [,6.14.2)