漏洞标题
在 PyPDF2 中编辑内联图像可能导致无限循环
漏洞描述信息
被操纵的内联图片可能导致PyPDF2中的无限循环
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
漏洞类别
N/A
漏洞标题
Manipulated inline images can cause Infinite Loop in PyPDF2
漏洞描述信息
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.
CVSS信息
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
漏洞类别
不可达退出条件的循环(无限循环)
漏洞标题
PyPDF2 安全漏洞
漏洞描述信息
PyPDF2是一个免费的开源纯 python PDF 库。能够拆分、 合并、 裁剪和转换 PDF 文件的页面。 PyPDF2 存在安全漏洞,该漏洞源于在 1.27.5 之前的版本中,使用此漏洞的攻击者可以制作 PDF,如果代码尝试获取内容流,则如果 PyPDF2 导致无限循环。
CVSS信息
N/A
漏洞类别
其他