Vulnerabilities > CVE-2023-36464 - Infinite Loop vulnerability in multiple products

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

local

low complexity

pypdf2-project

pypdf-project

CWE-835

NVD

Published: 2023-06-27

Updated: 2023-07-06

Summary

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b"\r", b"\n")` in `pypdf/generic/_data_structures.py` to `while peek not in (b"\r", b"\n", b"")`.

Vulnerable Configurations

Part	Description	Count
Application	Pypdf2_Project Pypdf2 Project Pypdf2 2.2.0 Pypdf2 Project Pypdf2 2.2.1 Pypdf2 Project Pypdf2 2.3.0 Pypdf2 Project Pypdf2 2.3.1 Pypdf2 Project Pypdf2 2.4.0 Pypdf2 Project Pypdf2 2.4.1 Pypdf2 Project Pypdf2 2.4.2 Pypdf2 Project Pypdf2 2.5.0 Pypdf2 Project Pypdf2 2.6.0 Pypdf2 Project Pypdf2 2.7.0 Pypdf2 Project Pypdf2 2.8.0 Pypdf2 Project Pypdf2 2.8.1 Pypdf2 Project Pypdf2 2.9.0 Pypdf2 Project Pypdf2 2.10.0 Pypdf2 Project Pypdf2 2.10.1 Pypdf2 Project Pypdf2 2.10.2 Pypdf2 Project Pypdf2 2.10.3 Pypdf2 Project Pypdf2 2.10.4 Pypdf2 Project Pypdf2 2.10.5 Pypdf2 Project Pypdf2 2.10.6 Pypdf2 Project Pypdf2 2.10.7 Pypdf2 Project Pypdf2 2.10.8 Pypdf2 Project Pypdf2 2.10.9 Pypdf2 Project Pypdf2 2.11.0 Pypdf2 Project Pypdf2 2.11.1 Pypdf2 Project Pypdf2 2.11.2 Pypdf2 Project Pypdf2 2.12.0 Pypdf2 Project Pypdf2 2.12.1 Pypdf2 Project Pypdf2 3.0.0 Pypdf2 Project Pypdf2 3.0.1	30
Application	Pypdf_Project Pypdf Project Pypdf 1.17.0 Pypdf Project Pypdf 1.18.0 Pypdf Project Pypdf 1.19.0 Pypdf Project Pypdf 1.20.0 Pypdf Project Pypdf 1.21.0 Pypdf Project Pypdf 1.22.0 Pypdf Project Pypdf 1.23.0 Pypdf Project Pypdf 1.24.0 Pypdf Project Pypdf 1.25.0 Pypdf Project Pypdf 1.25.1 Pypdf Project Pypdf 1.26.0 Pypdf Project Pypdf 1.27.0 Pypdf Project Pypdf 1.27.1 Pypdf Project Pypdf 1.27.2 Pypdf Project Pypdf 1.27.3 Pypdf Project Pypdf 1.27.4 Pypdf Project Pypdf 1.27.5 Pypdf Project Pypdf 1.27.6 Pypdf Project Pypdf 1.27.7 Pypdf Project Pypdf 1.27.8 Pypdf Project Pypdf 1.27.9 Pypdf Project Pypdf 1.27.10 Pypdf Project Pypdf 1.27.11 Pypdf Project Pypdf 1.27.12 Pypdf Project Pypdf 1.28.0 Pypdf Project Pypdf 1.28.1 Pypdf Project Pypdf 1.28.2 Pypdf Project Pypdf 1.28.3 Pypdf Project Pypdf 1.28.4 Pypdf Project Pypdf 1.28.5 Pypdf Project Pypdf 1.28.6 Pypdf Project Pypdf 2.0.0 Pypdf Project Pypdf 2.1.0 Pypdf Project Pypdf 2.1.1 Pypdf Project Pypdf 2.2.0 Pypdf Project Pypdf 2.2.1 Pypdf Project Pypdf 2.3.0 Pypdf Project Pypdf 2.3.1 Pypdf Project Pypdf 2.4.0 Pypdf Project Pypdf 2.4.1 Pypdf Project Pypdf 2.4.2 Pypdf Project Pypdf 2.5.0 Pypdf Project Pypdf 2.6.0 Pypdf Project Pypdf 2.7.0 Pypdf Project Pypdf 2.8.0 Pypdf Project Pypdf 2.8.1 Pypdf Project Pypdf 2.9.0 Pypdf Project Pypdf 2.10.0 Pypdf Project Pypdf 2.10.1 Pypdf Project Pypdf 2.10.2 Pypdf Project Pypdf 2.10.3 Pypdf Project Pypdf 2.10.4 Pypdf Project Pypdf 2.10.5 Pypdf Project Pypdf 2.10.6 Pypdf Project Pypdf 2.10.7 Pypdf Project Pypdf 2.10.8 Pypdf Project Pypdf 2.10.9 Pypdf Project Pypdf 2.11.0 Pypdf Project Pypdf 2.11.1 Pypdf Project Pypdf 2.11.2 Pypdf Project Pypdf 2.12.0 Pypdf Project Pypdf 2.12.1 Pypdf Project Pypdf 3.0.0 Pypdf Project Pypdf 3.1.0 Pypdf Project Pypdf 3.2.0 Pypdf Project Pypdf 3.2.1 Pypdf Project Pypdf 3.3.0 Pypdf Project Pypdf 3.4.0 Pypdf Project Pypdf 3.4.1 Pypdf Project Pypdf 3.5.0 Pypdf Project Pypdf 3.5.1 Pypdf Project Pypdf 3.5.2 Pypdf Project Pypdf 3.6.0 Pypdf Project Pypdf 3.7.0 Pypdf Project Pypdf 3.7.1 Pypdf Project Pypdf 3.8.0 Pypdf Project Pypdf 3.8.1	77

Common Weakness Enumeration (CWE)

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References