pypdf Memory Consumption Vulnerability Due to Large /ToUnicode Stream Parsing

A vulnerability in pypdf, a pure-Python PDF library, prior to version 6.7.1, allows an attacker to create a PDF that causes excessive memory usage and prolonged processing times. This issue arises from parsing the /ToUnicode entry of a font that contains abnormally large values, particularly during text extraction. The vulnerability has been addressed in version 6.7.1.

Impact

Exploitation of this vulnerability leads to significant memory consumption and increased processing times when handling affected PDF files.

Reproduction

The vulnerability can be reproduced by creating a PDF file that includes a font with a /ToUnicode entry containing large values. When this PDF is processed with a version of pypdf prior to 6.7.1, the library will experience extended runtimes and excessive memory usage.

Remediation

Users can upgrade to pypdf version 6.7.1 or later to address this vulnerability. If an immediate upgrade is not possible, the changes from PR #3646 can be applied as a temporary workaround.