pdfjinja

PDFJinja requires PyPDF2 which is deprecated and has a vulnerability

Open jasonmnayerji0 opened this issue 8 months ago • 0 comments

PyPDF2 is deprecated and has a vulnerability issue which can use 100% of a single core. An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if __parse_content_stream is executed.


One can test this vulnerability by:

  • Downloading MiFO_LFO_FEIS_NOA_Published.3.pdf then running

    from PyPDF2 import PdfReader
    reader = PdfReader("MiFO_LFO_FEIS_NOA_Published.3.pdf")
    page = reader.pages[0]
    page.extract_text()
    

It is recommended to migrate to pypdf, which is neither deprecated nor does it have this vulnerability.

jasonmnayerji0, Jun 05 '24 19:06
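A mitigation for the CPU exhaustion described in this issue, as an added example that is not part of the issue or of pdfjinja's code: run text extraction on untrusted PDFs in a child interpreter with a wall-clock timeout, so a parser that never returns is killed instead of pinning a core. The names `run_bounded`, `extract_text_bounded` and `ExtractionTimeout` are hypothetical, and the extraction snippet assumes `pypdf` is installed.

```python
import subprocess
import sys

# Child program: extract text with pypdf, the library the issue recommends.
# It runs in a separate interpreter so a hang cannot block the caller.
EXTRACT_SNIPPET = (
    "import sys\n"
    "from pypdf import PdfReader\n"
    "reader = PdfReader(sys.argv[1])\n"
    "sys.stdout.write('\\f'.join((p.extract_text() or '') for p in reader.pages))\n"
)


class ExtractionTimeout(Exception):
    """The child did not finish within the allowed wall-clock time."""


def run_bounded(snippet, args=(), timeout_s=10.0):
    """Run a Python snippet in a child interpreter and return its stdout.

    subprocess.run() kills the child when the timeout expires, which bounds
    the CPU time a looping parser can consume.
    """
    cmd = [sys.executable, "-c", snippet, *args]
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True,
                              timeout=timeout_s)
    except subprocess.TimeoutExpired:
        raise ExtractionTimeout(f"no result after {timeout_s}s; child killed")
    if proc.returncode != 0:
        # Parse errors surface here instead of crashing the caller.
        raise RuntimeError(proc.stderr.strip() or f"exit code {proc.returncode}")
    return proc.stdout


def extract_text_bounded(pdf_path, timeout_s=10.0):
    """Extract text from one PDF (pages joined by form feeds) within a time budget."""
    return run_bounded(EXTRACT_SNIPPET, [pdf_path], timeout_s)


if __name__ == "__main__" and len(sys.argv) == 2:
    try:
        print(extract_text_bounded(sys.argv[1]))
    except ExtractionTimeout as exc:
        print(f"rejected: {exc}", file=sys.stderr)
        sys.exit(1)
```

The timeout limits the impact of a hanging parse but does not replace migrating off PyPDF2.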