VDB
KO
MEDIUM

GHSA-m2v9-299j-rv96

pypdf: Possible infinite loop when processing outlines/bookmarks in writer

Details

### Impact

An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires merging a file with outlines into a writer.

### Patches

This has been fixed in [pypdf==6.13.0](https://github.com/py-pdf/pypdf/releases/tag/6.13.0).

### Workarounds

If you cannot upgrade yet, consider applying the changes from PR [#3830](https://github.com/py-pdf/pypdf/pull/3830).

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / pypdf
Introduced in: 0 Fixed in: 6.13.0
Fix pip install --upgrade 'pypdf>=6.13.0'

References