Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Manipulated inline images can cause Infinite Loop in PyPDF2
Vulnerability Description
PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不可达退出条件的循环(无限循环)
Vulnerability Title
PyPDF2 安全漏洞
Vulnerability Description
PyPDF2是一个免费的开源纯 python PDF 库。能够拆分、 合并、 裁剪和转换 PDF 文件的页面。 PyPDF2 存在安全漏洞,该漏洞源于在 1.27.5 之前的版本中,使用此漏洞的攻击者可以制作 PDF,如果代码尝试获取内容流,则如果 PyPDF2 导致无限循环。
CVSS Information
N/A
Vulnerability Type
N/A