Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop.
This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations.
Patches
The issue was fixed with #2264
Workarounds
If you cannot update your version of pypdf, you should modify pypdf/generic/_data_structures.py just like #2264 did.
Alexhuszagh Analyst
Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop.
This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage.
That is, for example, the case when the pypdf-user manipulates an incoming malicious PDF e.g. by merging it with another PDF or by adding annotations.
Patches
The issue was fixed with #2264
Workarounds
If you cannot update your version of pypdf, you should modify
pypdf/generic/_data_structures.pyjust like #2264 did.