pypdf Memory Exhaustion Vulnerability in RunLengthDecode Filter

A memory exhaustion vulnerability has been identified in the pypdf library, prior to version 6.7.4. This issue arises when the RunLengthDecode filter is used to parse PDF content streams, allowing an attacker to craft a PDF that causes excessive memory usage. The vulnerability has been addressed in pypdf version 6.7.4, and users unable to upgrade can apply the changes from PR #3664 as a temporary workaround.

Impact

Exploitation of this vulnerability can lead to significant memory consumption, potentially causing applications to run out of available RAM.

Reproduction

The vulnerability can be reproduced by crafting a PDF file that utilizes the RunLengthDecode filter to compress data. When this PDF is processed with a version of pypdf prior to 6.7.4, the library will decode the run-length data without any output length restrictions, allowing the PDF to consume large amounts of memory. This can be automated with a script that generates a PDF with a run-length encoded stream designed to bypass the output length limit.

Remediation

Users should upgrade to pypdf version 6.7.4 or later. Instructions for downloading this version are available on the pypdf GitHub releases page.