EXECUTIVE SUMMARY:
A vulnerability CVE-2026-33699 in the pypdf library where improper handling of certain input streams can lead to an infinite loop condition during PDF parsing. This flaw may be exploited by an attacker through specially crafted PDF files, causing excessive resource consumption and resulting in a denial-of-service (DoS) condition. The issue arises from insufficient validation and control over parsing logic, allowing the application to become unresponsive when processing malicious content. Systems relying on affected versions of the library are at risk of service disruption, particularly in environments where untrusted PDF files are processed. Updating to a patched version mitigates the risk by correcting the flawed parsing behavior and ensuring proper handling of malformed inputs. The vulnerability has a CVSS score of 4.6.
RECOMMENDATION:
REFERENCES:
The following reports contain further technical details: