pypdf Vulnerability: Large Memory Usage via Crafted XMP Metadata
What changed
A vulnerability in pypdf allows an attacker to craft a PDF that causes large memory usage when pypdf parses large XMP metadata containing unnecessary elements. The issue is fixed in version 6.12.1.
Who it affects
Users of pypdf parsing untrusted PDF files, especially those processing XMP metadata.
What to do today
Upgrade to pypdf 6.12.1 or apply the changes from PR #3796.
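An added example (not from the advisory or the pypdf project) that flags pypdf pins below the fixed release 6.12.1 in requirements-style lines and checks the installed copy. The function names and sample lines are constructed for illustration, and pre-release suffixes are ignored when comparing versions.

```python
import re
from importlib import metadata

FIXED = (6, 12, 1)  # first patched release, per the advisory above

# Requirement line: name, optional [extras], optional "==version" pin.
REQ = re.compile(r"^\s*(?P<name>[A-Za-z0-9._-]+)\s*(\[[^\]]*\])?"
                 r"\s*(==\s*(?P<ver>[0-9][0-9A-Za-z.+-]*))?")

def release_tuple(version):
    """Leading numeric release segment, padded to 3 parts: '6.12' -> (6, 12, 0)."""
    m = re.match(r"\d+(?:\.\d+)*", version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    parts = [int(p) for p in m.group(0).split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def is_patched(version):
    # Numeric comparison, so 6.9.x sorts below 6.12.1 (string compare would not).
    return release_tuple(version) >= FIXED

def audit_requirements(lines):
    """Return (line_number, requirement, status) for every pypdf entry."""
    findings = []
    for n, raw in enumerate(lines, 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = REQ.match(line)
        if not line or not m or m.group("name").lower() != "pypdf":
            continue
        ver = m.group("ver")
        if ver is None:
            status = "unpinned"  # range or bare name: check the resolved version
        else:
            status = "patched" if is_patched(ver) else "vulnerable"
        findings.append((n, line, status))
    return findings

def installed_status():
    """Status of pypdf in this environment, or None if it is not installed."""
    try:
        return "patched" if is_patched(metadata.version("pypdf")) else "vulnerable"
    except metadata.PackageNotFoundError:
        return None

# Constructed sample input, not taken from any real project.
SAMPLE = ["requests==2.32.3", "pypdf==6.12.0  # PDF text extraction",
          "PyPDF[crypto]==6.12.1", "pypdf>=5.0"]

if __name__ == "__main__":
    print(audit_requirements(SAMPLE), "installed:", installed_status())
```

An "unpinned" result means the file alone cannot answer the question; run `installed_status()` in the environment that actually parses untrusted PDFs.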
Source
GitHub Advisory · pypdf