MEDIUM

GHSA-j543-4vmf-qm7v

pypdf: Possible large memory usage for form XObjects during text extraction

상세

### Impact An attacker who uses this vulnerability can craft a PDF which leads to large memory usage. This requires extracting the text of a page which contains a form XObject with self-references.

### Patches This has been fixed in [pypdf==6.12.2](https://github.com/py-pdf/pypdf/releases/tag/6.12.2).

### Workarounds If you cannot upgrade yet, consider applying the changes from PR [#3805](https://github.com/py-pdf/pypdf/pull/3805).

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / pypdf

최초 영향 버전: 0 수정 버전: 6.12.2

수정 pip install --upgrade 'pypdf>=6.12.2'

참고

https://github.com/py-pdf/pypdf/security/advisories/GHSA-j543-4vmf-qm7v [WEB]
https://github.com/py-pdf/pypdf/pull/3805 [WEB]
https://github.com/py-pdf/pypdf [PACKAGE]
https://github.com/py-pdf/pypdf/releases/tag/6.12.2 [WEB]