Vulnerability Database

318,756

Total vulnerabilities in the database

CVE-2023-36464

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line while peek not in (b"\r", b"\n") in pypdf/generic/_data_structures.py to while peek not in (b"\r", b"\n", b"").

Published: Jun 27, 2023
Updated: Nov 16, 2025
CVE: CVE-2023-36464
GHSA: GHSA-4vvm-4w3v-6mr8
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWEs:

CWE-835

Affected Software
References

Software	From	Fixed in
pypdf	3.1.0	3.9.0
PyPDF2	2.2.0	3.0.1.x
pypdf2_project / pypdf2	2.2.0	2.2.0.x
pypdf_project / pypdf	-	3.9.0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo