I found something when using PyPDF in my Flask application. When processing a malformed PDF file with a corrupted xref table, the library attempts to parse an empty string as an integer, resulting in an unhandled ValueError exception. This can potentially be exploited to cause denial of service in applications that use PyPDF4 to process user-uploaded PDF files.
I've created a write-up explaining this more in depth, including a PoC:
https://github.com/JeffAllen714/PyPDF4-Integer-Parsing-Vulnerability/blob/main/PyPDF4-Integer-Parsing-Vulnerability-Writeup.md
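The bug class described in the post, shown on a simplified classic xref table as an added example: this is not PyPDF4's code and not taken from the linked write-up. The parser functions, `XrefError`, `check_upload` and the sample tables are all hypothetical names and constructed data; `parse_naive` fails the way the post describes, `parse_strict` validates each field before converting it.

```python
import re

class XrefError(Exception):
    """One typed failure for any malformed xref content."""

# Constructed samples (not taken from the write-up's PoC).
VALID_XREF = b"xref\n0 2\n0000000000 65535 f \n0000000017 00000 n \n"
CORRUPT_XREF = (b"xref\n0 2\n0000000000 65535 f \n"
                + b" " * 10 + b" 00000 n \n")  # offset field blanked out

ENTRY = re.compile(rb"(\d{10}) (\d{5}) ([nf])")

def parse_naive(table):
    """Trusts the layout: slices fixed-width fields and calls int() on them."""
    lines = table.split(b"\n")
    first, count = (int(x) for x in lines[1].split())
    entries = {}
    for i in range(count):
        line = lines[2 + i]
        offset = int(line[0:10].strip())  # int(b"") raises ValueError here
        entries[first + i] = (offset, int(line[11:16]), line[17:18])
    return entries

def parse_strict(table, max_entries=100_000):
    """Validates every field before converting; fails only with XrefError."""
    lines = table.split(b"\n")
    if len(lines) < 2 or lines[0].strip() != b"xref":
        raise XrefError("missing xref keyword")
    header = re.fullmatch(rb"(\d{1,10}) (\d{1,10})", lines[1].strip())
    if not header:
        raise XrefError("bad subsection header")
    first, count = int(header[1]), int(header[2])
    if count > max_entries or len(lines) < 2 + count:
        raise XrefError("entry count does not match table")
    entries = {}
    for i in range(count):
        m = ENTRY.fullmatch(lines[2 + i].strip())
        if not m:
            raise XrefError(f"malformed entry for object {first + i}")
        entries[first + i] = (int(m[1]), int(m[2]), m[3])
    return entries

def check_upload(table):
    """For an upload handler: malformed input becomes a rejection, not a crash."""
    try:
        return True, parse_strict(table)
    except XrefError as exc:
        return False, str(exc)
```

In a Flask upload route, the `(False, reason)` result maps to a 400 response, so a corrupted file is rejected per request instead of surfacing as an unhandled exception.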