pypdf Memory Exhaustion Vulnerability in LZWDecode Filter

A memory exhaustion vulnerability has been identified in the pypdf library, prior to version 6.1.3. This issue arises when the LZWDecode filter is used to parse the content stream of a PDF page, leading to excessive memory consumption. An attacker can exploit this vulnerability by crafting a specific PDF that triggers the problem.

Impact

Exploitation of this vulnerability can cause significant memory usage, potentially leading to a denial-of-service condition by exhausting available system resources.

Reproduction

The vulnerability can be reproduced by using the pypdf library to open a PDF file that has been crafted to include a LZW-encoded stream designed to consume large amounts of memory. This can be done by creating a PDF that uses the LZWDecode filter in a way that generates excessive output, such as by encoding a large amount of data or by exploiting the decoding process to create a memory-intensive scenario.

Remediation

Users can upgrade to pypdf version 6.1.3 or later to address this vulnerability. If an immediate upgrade is not possible, the changes from PR #3502 can be applied as a temporary workaround.