Description: CVE-2021-37819 infinite loop during PDF page traversal
Origin: https://gitlab.com/pdftk-java/pdftk/-/merge_requests/21/commits
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059318

--- a/core/com/lowagie/text/pdf/PdfReader.java
+++ b/core/com/lowagie/text/pdf/PdfReader.java
@@ -3322,6 +3322,12 @@
                             kidsPR.remove(k);
                         break;
                     }
+                    int rpageObjectNumber = rpage.getNumber();
+                    PRIndirectReference kidObjIndirectRef = (PRIndirectReference)obj;
+                    int kidObjectNumber = kidObjIndirectRef.getNumber();
+                    if (rpageObjectNumber == kidObjectNumber) {
+                        throw new InvalidPdfException("Invalid reference on Kids: " + kidObjectNumber);
+                    }
                     iteratePages((PRIndirectReference)obj);
                 }
                 popPageAttributes();