PDFJinja requires PyPDF2 which is deprecated and has a vulnerability

`PyPDF2` is deprecated and has a [vulnerability issue](https://github.com/advisories/GHSA-4vvm-4w3v-6mr8) which can use 100% of a single core. An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if `__parse_content_stream` is executed.

<hr>

One can test this vulnerability by:

* Downloading [MiFO_LFO_FEIS_NOA_Published.3.pdf](https://github.com/user-attachments/files/15595434/MiFO_LFO_FEIS_NOA_Published.3.1.pdf) then running

    ``` python
    from PyPDF2 import PdfReader
    reader = PdfReader("MiFO_LFO_FEIS_NOA_Published.3.pdf")
    page = reader.pages[0]
    page.extract_text()
    ```

<hr>

It is recommended to migrate to [pypdf](https://github.com/py-pdf/pypdf), which is neither deprecated nor does it have this vulnerability.    
    
    



Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

PDFJinja requires PyPDF2 which is deprecated and has a vulnerability #26

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

PDFJinja requires PyPDF2 which is deprecated and has a vulnerability #26

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions