pypdf is vulnerable to Denial of Service (DoS)
62
Medium Risk
pypdf extracts inline images from page content streams using dedicated decoders for the ASCII85 and ASCIIHex filters. These decoders read the stream in a loop and rewind two bytes whenever a terminator is not yet found, but they fail to detect when the underlying stream is already exhausted. A crafted PDF whose inline image is never properly terminated makes the decoder rewind and re-read the same bytes endlessly, hanging operations such as page text extraction. The fix detects an empty read from the stream and raises a read error instead of looping forever.
You are affected if you are using a version that falls within the vulnerable range and your application parses untrusted PDFs containing inline images.
pypdf is vulnerable to Denial of Service (DoS) in versions 0.0.1 - 6.14.1.
Upgrade the pypdf library to the patch version.
Connect your repositories to instantly see whether vulnerable or malicious packages exist in your codebase.
Free. No credit card required.

SOC 2Compliant
ISO 27001Compliant