pypdf is a free and open-source pure-python PDF library. In versions prior to 6.10.0, manipulated XMP metadata entity declarations can exhaust RAM. An attacker who exploits this vulnerability can craft a PDF which leads to large memory usage. This requires parsing the XMP metadata. This issue has been fixed in version 6.10.0.
The product uses XML documents and allows their structure to be defined with a Document Type Definition (DTD), but it does not properly control the number of recursive definitions of entities.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Pypdf | Pypdf_project | * | 6.10.0 (excluding) |
| Pypdf2 | Ubuntu | esm-apps/xenial | * |