{ "affected": [ { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:12", "name": "pypdf" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.4.1-1+deb12u1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:13", "name": "pypdf" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.17.4-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:14", "name": "pypdf" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "3.17.4-1" } ], "type": "ECOSYSTEM" } ] }, { "ecosystem_specific": { "urgency": "not yet assigned" }, "package": { "ecosystem": "Debian:12", "name": "pypdf2" }, "ranges": [ { "events": [ { "introduced": "0" }, { "fixed": "2.12.1-3+deb12u1" } ], "type": "ECOSYSTEM" } ] } ], "details": "pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line `while peek not in (b\"\\r\", b\"\\n\")` in `pypdf/generic/_data_structures.py` to `while peek not in (b\"\\r\", b\"\\n\", b\"\")`.", "id": "DEBIAN-CVE-2023-36464", "modified": "2026-04-28T19:53:28.312778250Z", "published": "2023-06-27T22:15:11.790Z", "references": [ { "type": "ADVISORY", "url": "https://security-tracker.debian.org/tracker/CVE-2023-36464" } ], "severity": [ { "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ], "upstream": [ "CVE-2023-36464" ] }