pypdf Infinite Loop Vulnerability Due to Circular Cross-Reference References

Vulnerability

A denial-of-service vulnerability has been identified in pypdf, a pure-Python PDF library, in versions prior to 6.7.2. The issue arises when the library processes a PDF whose cross-reference chain contains circular '/Prev' references: each cross-reference section's trailer may point at the previous section via '/Prev', and when that chain loops back on itself, PdfReader keeps following it without ever reaching the end. The reader enters an infinite loop, consuming 100% CPU and repeatedly logging 'Overwriting cache' warnings as it re-reads the same sections. The vulnerability can be triggered by a PDF crafted with these circular references, which can be produced using various PDF manipulation tools or libraries.

Impact

Exploitation of this vulnerability leads to an infinite loop, causing applications that use pypdf to process PDFs to hang indefinitely. This can disrupt web services or document processing applications that rely on pypdf.

Reproduction

The vulnerability can be reproduced by using pypdf version 6.7.1 (the last affected release) to open a PDF file with circular '/Prev' references in the cross-reference chain. One such file is the 'FPC-05F-22PH20.pdf' datasheet available from LCSC, which contains the circular references. Opening the file with the PdfReader class from pypdf triggers the infinite loop.

Remediation

Users can upgrade to pypdf version 6.7.2 or apply the patch available in pull request #3655 on the pypdf repository.
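The following is an added example, not pypdf's code and not the fix from pull request #3655: it walks a file's startxref and '/Prev' chain with a visited list, which is exactly the check that turns the infinite loop into a rejected input, so a service can screen uploads before handing them to a reader that has not yet been upgraded. It assumes the classic byte layout of cross-reference tables ('xref ... trailer << ... >>'), and the sample skeleton it builds is constructed for the test rather than a real document.

```python
import re

STARTXREF_RE = re.compile(rb"startxref\s+(\d+)\s*%%EOF\s*$")
PREV_RE = re.compile(rb"/Prev\s+(\d+)")

class CircularPrevError(ValueError):
    """The /Prev chain revisits an xref section it already walked."""

def trailer_prev(data: bytes, offset: int) -> "int | None":
    """Return the /Prev offset of the xref section starting at `offset`, or None."""
    # Classic table: 'xref ... trailer << ... >>'; an xref stream keeps /Prev in its own dict.
    start = data.find(b"trailer", offset) if data.startswith(b"xref", offset) else offset
    dict_start = data.find(b"<<", start)
    dict_end = data.find(b">>", dict_start)
    if dict_start == -1 or dict_end == -1:
        raise ValueError(f"no trailer dictionary for xref section at offset {offset}")
    m = PREV_RE.search(data, dict_start, dict_end)  # nested << >> not expected in a trailer
    return int(m.group(1)) if m else None

def xref_chain(data: bytes) -> "list[int]":
    """Follow startxref -> /Prev -> /Prev ... and return the offsets visited in order.
    Raises CircularPrevError on a revisit, the condition that hung pypdf < 6.7.2."""
    m = STARTXREF_RE.search(data)
    if not m:
        raise ValueError("missing startxref / %%EOF at end of file")
    offset, seen = int(m.group(1)), []
    while offset is not None:
        if offset in seen:
            raise CircularPrevError(f"circular /Prev chain: {seen + [offset]}")
        seen.append(offset)
        offset = trailer_prev(data, offset)
    return seen

def has_circular_prev(data: bytes) -> bool:
    """True if the file's /Prev chain loops; other parse errors propagate."""
    try:
        xref_chain(data)
        return False
    except CircularPrevError:
        return True

def build_sample(circular: bool) -> bytes:
    """Constructed xref/trailer skeleton (not a complete PDF) to exercise the check.
    Section A (offset 9) points /Prev at B (offset 69); with `circular`, B points back at A."""
    header = b"%PDF-1.4\n"                                               # 9 bytes
    sec = b"xref\n0 1\n0000000000 65535 f \ntrailer\n<< /Size 1%s >>\n"  # 51 + len(%s)
    sec_a = sec % b" /Prev 69"
    sec_b = sec % (b" /Prev 9" if circular else b"")
    data = header + sec_a + sec_b + b"startxref\n9\n%%EOF\n"
    assert data.find(sec_b) == 69, "hand-computed offsets drifted"
    return data
```

Run `has_circular_prev` over an untrusted file before opening it with an unpatched PdfReader; a True result is the file class described in this advisory.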

Added: Feb 25, 2026, 3:47 AM
Updated: Feb 25, 2026, 3:47 AM

Vulnerability Rating (Custom Algorithm)

spread: 5.4
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 3.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.