Skip to content

SEC: Avoid infinite loop when reading broken DCT-based inline images#3501

Merged
stefan6419846 merged 2 commits intopy-pdf:mainfrom
stefan6419846:dct_eof
Oct 22, 2025
Merged

SEC: Avoid infinite loop when reading broken DCT-based inline images#3501
stefan6419846 merged 2 commits intopy-pdf:mainfrom
stefan6419846:dct_eof

Conversation

@stefan6419846
Copy link
Copy Markdown
Collaborator

@stefan6419846 stefan6419846 commented Oct 22, 2025

@codecov
Copy link
Copy Markdown

codecov bot commented Oct 22, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.09%. Comparing base (b751ca2) to head (9e6360e).
⚠️ Report is 75 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3501   +/-   ##
=======================================
  Coverage   97.09%   97.09%           
=======================================
  Files          56       56           
  Lines        9666     9671    +5     
  Branches     1751     1752    +1     
=======================================
+ Hits         9385     9390    +5     
  Misses        168      168           
  Partials      113      113

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@stefan6419846 stefan6419846 merged commit f2864d6 into py-pdf:main Oct 22, 2025
16 checks passed
@stefan6419846 stefan6419846 deleted the dct_eof branch October 22, 2025 15:52
stefan6419846 added a commit that referenced this pull request Oct 22, 2025
@stefan6419846
REL: 6.1.3
4a613f3 
## What's new

### Security (SEC)
- Allow limiting size of LZWDecode streams (#3502) by @stefan6419846
- Avoid infinite loop when reading broken DCT-based inline images (#3501) by @stefan6419846

### Bug Fixes (BUG)
- PageObject.scale() scales media box incorrectly (#3489) by @Nid01

### Robustness (ROB)
- Fail with explicit exception when image mode is an empty array (#3500) by @stefan6419846

[Full Changelog](6.1.2...6.1.3)
OpenNingia pushed a commit to OpenNingia/pypdf that referenced this pull request Oct 23, 2025
@stefan6419846 @OpenNingia
SEC: Avoid infinite loop when reading broken DCT-based inline images (p…
fc318df 
…y-pdf#3501)
OpenNingia pushed a commit to OpenNingia/pypdf that referenced this pull request Oct 23, 2025
@stefan6419846 @OpenNingia
REL: 6.1.3
e9904ac 
## What's new

### Security (SEC)
- Allow limiting size of LZWDecode streams (py-pdf#3502) by @stefan6419846
- Avoid infinite loop when reading broken DCT-based inline images (py-pdf#3501) by @stefan6419846

### Bug Fixes (BUG)
- PageObject.scale() scales media box incorrectly (py-pdf#3489) by @Nid01

### Robustness (ROB)
- Fail with explicit exception when image mode is an empty array (py-pdf#3500) by @stefan6419846

[Full Changelog](py-pdf/pypdf@6.1.2...6.1.3)
@crackcodecamp crackcodecamp mentioned this pull request Nov 11, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@stefan6419846