GHSA-jj6c-8h6c-hppx

ADVISORY - github

Summary

Impact

An attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires cross-reference streams with wrong large /Size values or object streams with wrong large /N values.

Patches

This has been fixed in pypdf==6.10.1.

Workarounds

If you cannot upgrade yet, consider applying the changes from PR #3733.

Common Weakness Enumeration (CWE)

ADVISORY - github

CWE-834⁠

Excessive Iteration

Impacted images

Advisories

GitHub

CREATED

7 hours ago

UPDATED

7 hours ago

ADVISORY IDGHSA-jj6c-8h6c-hppx⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-834⁠

CVSS SCORE

4.8medium