From 7a4c8246ed48d9d328fb596942271da47b6d109c Mon Sep 17 00:00:00 2001
From: Stefan <96178532+stefan6419846@users.noreply.github.com>
Date: Tue, 24 Feb 2026 18:17:59 +0100
Subject: [PATCH] SEC: Use zlib decompression limit when retrieving XFA data (#3658)
---
 PyPDF2/_doc_common.py | 5 ++---
 tests/test_doc_common.py | 31 ++++++++++++++++++++++++++++++-
 2 files changed, 32 insertions(+), 4 deletions(-)
Index: PyPDF2-2.11.1/PyPDF2/_reader.py
===================================================================
--- PyPDF2-2.11.1.orig/PyPDF2/_reader.py
+++ PyPDF2-2.11.1/PyPDF2/_reader.py
@@ -30,7 +30,6 @@
 import os
 import re
 import struct
-import zlib
 from datetime import datetime
 from io import BytesIO
 from pathlib import Path
@@ -77,6 +76,7 @@ from .errors import (
 PdfStreamError,
 WrongPasswordError,
 )
+from .filters import _decompress_with_limit
 from .generic import (
 ArrayObject,
 ContentStream,
@@ -1920,7 +1920,6 @@ class PdfReader:
 @property
 def xfa(self) -> Optional[Dict[str, Any]]:
-tree: Optional[TreeObject] = None
 retval: Dict[str, Any] = {}
 catalog = cast(DictionaryObject, self.trailer[TK.ROOT])
@@ -1938,7 +1937,7 @@ class PdfReader:
 if isinstance(f, IndirectObject):
 field = cast(Optional[EncodedStreamObject], f.get_object())
 if field:
-es = zlib.decompress(field._data)
+es = _decompress_with_limit(field._data)
 retval[tag] = es
 return retval
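Review bot: The added `from .filters import _decompress_with_limit` only resolves if `PyPDF2/filters.py` in this 2.11.1 tree already defines that helper, and nothing in this patch adds it. The header diffstat still lists `PyPDF2/_doc_common.py` and `tests/test_doc_common.py` while the only file patched is `PyPDF2/_reader.py`, so this looks like a backport that depends on an earlier patch in the series. If the helper is missing, importing `_reader.py` fails at load time rather than only on XFA access, so the series order should be confirmed. The first hunk also drops `import zlib`, so check that no other `zlib.` reference remains in `_reader.py`.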
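Review bot: The bounded call at `es = _decompress_with_limit(field._data)` arrives without a regression test: the diffstat advertises 31 changed lines in `tests/test_doc_common.py`, but no test hunk is present in this patch. A small test that reads `reader.xfa` from a document whose XFA stream inflates past the cap, and asserts that the read is rejected, would keep the fix from regressing. A comment above the call such as `# XFA stream data comes from the document; inflate with the shared output cap` would record why plain `zlib.decompress` must not return here. The `xfa` docstring should also say that the property can now raise when the cap is hit; the exception type depends on the helper, which is not visible in this patch. The hunk starts inside the `xfa` property, whose loop begins outside it.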