Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page with a not terminated inline image, as done when extracting the page text for example.
Patches
This has been fixed in pypdf==6.14.1.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3891.
koltiradw Reporter
stefan6419846 Analyst
Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires parsing the content stream of a page with a not terminated inline image, as done when extracting the page text for example.
Patches
This has been fixed in pypdf==6.14.1.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3891.