Manipulated inline images can cause Infinite Loop in PyPDF2

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

不可达退出条件的循环(无限循环)

PyPDF2 安全漏洞

PyPDF2是一个免费的开源纯 python PDF 库。能够拆分、 合并、 裁剪和转换 PDF 文件的页面。 PyPDF2 存在安全漏洞，该漏洞源于在 1.27.5 之前的版本中，使用此漏洞的攻击者可以制作 PDF，如果代码尝试获取内容流，则如果 PyPDF2 导致无限循环。

N/A

N/A