GHSA-7gw9-cf7v-778f

ADVISORY - github

Summary

Impact

An attacker who uses this vulnerability can craft a PDF which leads to the RAM being exhausted. This requires accessing a stream compressed using /FlateDecode with a /Predictor unequal 1 and large predictor parameters.

Patches

This has been fixed in pypdf==6.10.2.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #3734.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-789⁠

Memory Allocation with Excessive Size Value

Impacted images

Advisories

GitHub

CREATED

7 hours ago

UPDATED

7 hours ago

ADVISORY IDGHSA-7gw9-cf7v-778f⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-789⁠

CVSS SCORE

6.8medium