DEBIAN-CVE-2023-36464
- Source
- https://security-tracker.debian.org/tracker/CVE-2023-36464
- Import Source
- https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-36464.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-36464
- Upstream
- Published
- 2023-06-27T22:15:11Z
- Modified
- 2025-09-25T23:28:42.517164Z
- Severity
-
- 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if
__parse_content_streamis executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the linewhile peek not in (b"\r", b"\n")inpypdf/generic/_data_structures.pytowhile peek not in (b"\r", b"\n", b""). - References
Affected packages
Debian:12 / pypdf
Package
- Name
- pypdf
- Purl
- pkg:deb/debian/pypdf?arch=source
Debian:13 / pypdf
Package
- Name
- pypdf
- Purl
- pkg:deb/debian/pypdf?arch=source
Debian:14 / pypdf
Package
- Name
- pypdf
- Purl
- pkg:deb/debian/pypdf?arch=source
Debian:12 / pypdf2
Package
- Name
- pypdf2
- Purl
- pkg:deb/debian/pypdf2?arch=source