Quadratic runtime with malformed PDF missing xref marker #582

Closed
Google-Autofuzz opened this issue Nov 13, 2020 · 2 comments
Labels
is-bug: From a users perspective, this is a bug - a violation of the expected behavior with a compliant PDF
is-robustness-issue: From a users perspective, this is about robustness
nf-security: Non-functional change: Security

Comments


Google-Autofuzz commented Nov 13, 2020

Running the following code with PyPDF2==1.27.8 on the attached input results in 100% CPU consumption for an arbitrarily long time.

MCVE

PDF: test.pdf

from PyPDF2 import PdfFileReader

reader = PdfFileReader("test.pdf")
@Google-Autofuzz Google-Autofuzz changed the title Inifinite loop with malformed PDF Infinite loop with malformed PDF Nov 13, 2020
@MartinThoma MartinThoma added is-bug From a users perspective, this is a bug - a violation of the expected behavior with a compliant PDF is-robustness-issue From a users perspective, this is about robustness labels Apr 7, 2022

MartinThoma commented Apr 24, 2022

The PDF is hopelessly broken:

$ cat issue-582.pdf 
ang��H
%s/I\ʱ\\\\\\\\\\\\\\\\\\\\\\\\\[\\𝟖\\\
%EO-254536430
%%EOFF�	g
e�
%%EOF%                         

Investigating

import time
import PyPDF2
import traceback

print(PyPDF2.__version__)

t0 = time.time()
try:
    reader = PyPDF2.PdfFileReader("test.pdf")
except Exception as e:
    print(traceback.format_exc())
    print(e)
t1 = time.time()
print(f"`PyPDF2=={PyPDF2.__version__}` finished after {t1-t0:.3f}s")

Affected Versions

@MartinThoma MartinThoma added the nf-security Non-functional change: Security label Jun 30, 2023
@MartinThoma MartinThoma changed the title Infinite loop with malformed PDF Very long execution time with malformed PDF Jun 30, 2023
@MartinThoma MartinThoma changed the title Very long execution time with malformed PDF Quadratic runtime with malformed PDF Jun 30, 2023
@MartinThoma MartinThoma changed the title Quadratic runtime with malformed PDF Quadratic runtime with malformed PDF missing xref marker Jun 30, 2023
@MartinThoma (Member)

Reported publicly via GHSA-jrm6-h9cq-8gqw
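
A pre-parse gate for untrusted uploads, as an added example that is not PyPDF2 code and not the fix for this issue: it rejects files whose tail lacks a usable `startxref` pointer before they reach the parser, doing a bounded amount of work regardless of file size. The names `xref_precheck` and `build_sample`, the 1024-byte window, and the sample bytes are assumptions constructed for illustration.

```python
import re
from typing import Tuple

TAIL_WINDOW = 1024  # assumption: the trailer keywords sit in the last 1 KiB of the file
_WS = rb"[\x00\t\n\x0c\r ]+"  # PDF whitespace characters
_STARTXREF = re.compile(rb"startxref" + _WS + rb"(\d{1,20})" + _WS + rb"%%EOF")
_INDIRECT_OBJ = re.compile(rb"\d{1,10}" + _WS + rb"\d{1,5}" + _WS + rb"obj")


def xref_precheck(data: bytes) -> Tuple[bool, str]:
    """Return (ok, reason); inspects only the tail window plus 32 bytes at the offset."""
    tail = data[-TAIL_WINDOW:]
    pos = tail.rfind(b"startxref")
    if pos == -1:
        return False, "no startxref keyword in tail"
    match = _STARTXREF.match(tail, pos)
    if match is None:
        return False, "startxref not followed by offset and %%EOF"
    offset = int(match.group(1))
    if offset >= len(data):
        return False, "startxref offset past end of file"
    target = data[offset:offset + 32]
    if target.startswith(b"xref"):
        return True, "classic xref table"
    if _INDIRECT_OBJ.match(target):
        return True, "xref stream object"
    return False, "offset does not point at an xref section"


def build_sample(kind: str) -> bytes:
    """Constructed inputs for the demonstration; not the file attached to the issue."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    if kind == "no-marker":  # only end-of-file comments, no startxref at all
        return body + b"%%EOFF\n%%EOF"
    if kind == "bad-offset":
        return body + b"startxref\n999999\n%%EOF\n"
    if kind == "xref-stream":
        obj = b"2 0 obj\n<< /Type /XRef >>\nstream\nendstream\nendobj\n"
        return body + obj + b"startxref\n%d\n%%%%EOF\n" % len(body)
    table = b"xref\n0 1\n0000000000 65535 f \ntrailer\n<< /Size 1 >>\n"
    return body + table + b"startxref\n%d\n%%%%EOF\n" % len(body)


if __name__ == "__main__":
    for kind in ("classic", "xref-stream", "bad-offset", "no-marker"):
        print(kind, xref_precheck(build_sample(kind)))
```

A strict gate like this also rejects damaged files that a tolerant reader could still recover, so it suits intake paths where refusing a file is acceptable; a per-document time limit around the parse remains a useful second control.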
