Pypdf2 Project Pypdf2 vulnerabilities
4 known vulnerabilities affecting pypdf2_project/pypdf2.
Total CVEs: 4
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 4
Vulnerabilities
CVE-2023-36807 | MEDIUM | CVSS 6.5 | ≥ 2.10.5, < 2.10.6 | 2023-06-30
CVE-2023-36807 [MEDIUM] CWE-835 PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop.
This infinite loop blocks the current process and can drive a single CPU core to 100% utilization. It does not affect memory usage. This happens, for example, if the user extracts metadata from such a malformed PDF.
Sources: GHSA, OSV
CVE-2023-36810 | MEDIUM | CVSS 6.5 | ≥ 0, < 1.27.9 | 2023-06-30
CVE-2023-36810 [MEDIUM] CWE-407 PyPDF2 quadratic runtime with malformed PDF missing xref marker
### Impact
An attacker who uses this vulnerability can craft a PDF which leads to an unexpectedly long runtime.
This quadratic runtime blocks the current process and can drive a single CPU core to 100% utilization. It does not affect memory usage.
### Patches
https://github.com/py-pdf/pypdf/pull/808
### Workarounds
_Is there a way for users to
Sources: GHSA, OSV
CVE-2023-36464 | MEDIUM | CVSS 5.5 | ≥ 2.2.0 | 2023-06-27
CVE-2023-36464 [MEDIUM] CWE-835 CVE-2023-36464: pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF w
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to
Sources: GHSA, NVD, OSV
CVE-2022-24859 | MEDIUM | CVSS 5.5 | fixed in 1.27.5 | 2022-04-18
CVE-2022-24859 [MEDIUM] CWE-835 CVE-2022-24859: PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transformin
PyPDF2 is an open source Python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the code attempts to get the content stream. The reason is that the last while-loop in `Cont
Sources: GHSA, NVD, OSV