CVE-2023-36464
Published: 2023-06-27
Priority: P421, medium, 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:N / UI:R / S:U / C:N / I:N / A:H
EPSS: 0.35% (27.1th percentile)
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.
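The one-token workaround quoted above works because a binary stream's `read(1)` returns `b""` at end of input, which is neither `b"\r"` nor `b"\n"`. The following is an added example, not pypdf's own code: `skip_comment`, `compare` and the byte strings are constructed for illustration, and the step cap exists only so the unpatched condition returns instead of spinning.

```python
import io

MAX_STEPS = 10_000  # demo guard; the real loop has no such cap

VULNERABLE = (b"\r", b"\n")        # condition quoted in the advisory
PATCHED = (b"\r", b"\n", b"")      # workaround: also stop at end of stream


def skip_comment(stream, terminators, max_steps=MAX_STEPS):
    """Simplified model of a comment-skipping loop.

    Reads one byte at a time until a terminator is seen. Returns
    (steps, finished); finished is False when the guard tripped, meaning
    the unguarded loop would never have exited.
    """
    peek = stream.read(1)
    steps = 0
    while peek not in terminators:
        if steps >= max_steps:
            return steps, False
        peek = stream.read(1)  # at EOF this returns b"" on every call
        steps += 1
    return steps, True


def compare(data):
    """Run both loop conditions over the same bytes."""
    return {
        "vulnerable": skip_comment(io.BytesIO(data), VULNERABLE),
        "patched": skip_comment(io.BytesIO(data), PATCHED),
    }


# Constructed inputs: a comment ended by a newline, and one ended by EOF.
TERMINATED = b"% note\n"
UNTERMINATED = b"% note"

if __name__ == "__main__":
    for label, data in (("terminated", TERMINATED), ("unterminated", UNTERMINATED)):
        print(label, compare(data))
```
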
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pypdf | < pypdf 3.4.1-1+deb12u1 (bookworm) | pypdf 3.4.1-1+deb12u1 (bookworm) |
| debian | pypdf2 | < pypdf 3.4.1-1+deb12u1 (bookworm) | pypdf 3.4.1-1+deb12u1 (bookworm) |
| py-pdf | pypdf | — | — |
| py-pdf | pypdf | — | — |
| pypdf2_project | pypdf2 | >= 0 < 2.12.1-3+deb12u1 | 2.12.1-3+deb12u1 |
| pypdf2_project | pypdf2 | 2.2.0 – 3.0.1 | — |
| pypdf2_project | pypdf2 | >= 2.2.0 | — |
| pypdf_project | pypdf | < 3.9.0 | 3.9.0 |
| pypdf_project | pypdf | >= 0 < 3.4.1-1+deb12u1 | 3.4.1-1+deb12u1 |
| pypdf_project | pypdf | >= 0 < 3.17.4-1 | 3.17.4-1 |
| pypdf_project | pypdf | >= 0 < 3.17.4-1 | 3.17.4-1 |
| pypdf_project | pypdf | >= 3.1.0 < 3.9.0 | 3.9.0 |
CVSS provenance
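| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H |
| osv | — | 5.5 | MEDIUM | — |
| vendor_debian | — | 6.2 | MEDIUM | — |
| vendor_redhat | — | 6.2 | MEDIUM | — |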
OSV
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
osv·2023-06-30
CVE-2023-36464 [MEDIUM] pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed, for example when the user extracts text from such a PDF. The infinite loop blocks the current process and can drive a single CPU core to 100% utilization. It does not affect memory usage.
Example Code and a PDF that causes the issue:
```python
from pypdf import PdfReader
# https://objects.githubusercontent.com/github-production-repository-file-5c1aeb/3119517/11367871?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230627%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230627T201018Z&X-Amz-Expires=300&X-Amz-Signature=d71c8fd91
```
GHSA
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
ghsa·2023-06-30
CVE-2023-36464 [MEDIUM] CWE-835 pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
OSV
CVE-2023-36464: pypdf is an open source, pure-python PDF library
osv·2023-06-27·CVSS 5.5
CVE-2023-36464 [MEDIUM] CVE-2023-36464: pypdf is an open source, pure-python PDF library
Red Hat
pypdf: Possible Infinite Loop when a comment isn't followed by a character
vendor_redhat·2023-06-28·CVSS 6.2
CVE-2023-36464 [MEDIUM] CWE-835 pypdf: Possible Infinite Loop when a comment isn't followed by a character
A flaw was found in the pyPDF package. In affected versions of the pyPDF package, this flaw allows an attacker to craft a PDF, which leads to an infinite loop if `__parse_content_stream` is executed.
Debian
CVE-2023-36464: pypdf - pypdf is an open source, pure-python PDF library. In affected versions an attack...
vendor_debian·2023·CVSS 6.2
CVE-2023-36464 [MEDIUM] CVE-2023-36464: pypdf - pypdf is an open source, pure-python PDF library. In affected versions an attack...
Scope: local
bookworm: resolved (fixed in 3.4.1-1+deb12u1)
forky: resolved (fixed in 3.17.4-1)
sid: resolved (fixed in 3.17.4-1)
trixie: resolved (fixed in 3.17.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/py-pdf/pypdf/pull/1828
https://github.com/py-pdf/pypdf/pull/969
https://github.com/py-pdf/pypdf/security/advisories/GHSA-4vvm-4w3v-6mr8
Published: 2023-06-27