You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter.
The product does not handle or incorrectly handles a compressed input with a very high compression ratio that produces a large output.
Learn more on MITRE.
tylzh97 Reporter
stefan6419846 Analyst
Impact
An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the content stream of a page using the LZWDecode filter.
Patches
This has been fixed in pypdf==6.1.3.
Workarounds
If you cannot upgrade yet, consider applying the changes from PR #3502.