GHSA-jm82-fx9c-mx94
ADVISORY - githubSummary
Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage, as MAX_DECLARED_STREAM_LENGTH is sometimes ignored. This requires parsing a content stream without a /Length value.
Patches
This has been fixed in pypdf==6.13.3.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3871.
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in