pypdf: Possible infinite loop during recovery attempts in DictionaryObject.read_from_stream
Description
Published to the GitHub Advisory Database
Mar 25, 2026
Reviewed
Mar 25, 2026
Published by the National Vulnerability Database
Mar 27, 2026
Last updated
Mar 27, 2026
Impact
An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This requires reading a file in non-strict mode.
Patches
This has been fixed in pypdf==6.9.2.
Workarounds
If users cannot upgrade yet, consider applying the changes from PR #3693.
References