From c28d114b79aa09566b9f605a988cad36b5915213 Mon Sep 17 00:00:00 2001
From: ricflams <richard@flamsholt.dk>
Date: Wed, 1 Oct 2025 01:25:36 +0200
Subject: [PATCH] Guard against circular references in XRef tables/streams

- Detect and prevent an xref table/stream at a certain offset from being read twice; malformed xref tables with circular references could otherwise cause the table-reading to loop forever.
- Another approach could be to prevent TryReadTableAtOffset from changing the bytes' CurrentOffset to the lastObjPosition in its attempt to read a table (eg restore CurrentOffset after the attempt to read a Table) so the outer bytes-loop could continue its search through the entire bytes unaffected.
---
 .../Integration/CrossReferenceParserTests.cs  |  12 ++++++++++
 .../B17-2000-transportation-fuels.pdf         | Bin 0 -> 34368 bytes
 .../Parser/FileStructure/XrefBruteForcer.cs   |  22 ++++++++++++++++--
 3 files changed, 32 insertions(+), 2 deletions(-)
 create mode 100644 src/UglyToad.PdfPig.Tests/Integration/SpecificTestDocuments/B17-2000-transportation-fuels.pdf

diff --git a/src/UglyToad.PdfPig.Tests/Integration/CrossReferenceParserTests.cs b/src/UglyToad.PdfPig.Tests/Integration/CrossReferenceParserTests.cs
index beab121b..71165e59 100644
--- a/src/UglyToad.PdfPig.Tests/Integration/CrossReferenceParserTests.cs
+++ b/src/UglyToad.PdfPig.Tests/Integration/CrossReferenceParserTests.cs
@@ -9,5 +9,17 @@
             using var document = PdfDocument.Open(path);
             Assert.Equal(3, document.NumberOfPages);
         }
+
+        [Fact]
+        public void CanReadDocumentWithCircularXRef()
+        {
+            string path = IntegrationHelpers.GetSpecificTestDocumentPath("B17-2000-transportation-fuels.pdf");
+
+            // If parser can't deal with xrefs that have circular references then
+            // opening the document will loop forever
+            using var document = PdfDocument.Open(path);
+
+            Assert.Equal(1, document.NumberOfPages);
+        }
     }
 }
diff --git a/src/UglyToad.PdfPig.Tests/Integration/SpecificTestDocuments/B17-2000-transportation-fuels.pdf b/src/UglyToad.PdfPig.Tests/Integration/SpecificTestDocuments/B17-2000-transportation-fuels.pdf
new file mode 100644
index 0000000000000000000000000000000000000000..fb1315f26bf2b6fcbef3f6584651f278f7a38d9f
GIT binary patch
literal 34368
zcmb@t1wdU(vM#&{?ry;?xVu}h;O-D)<GyhX5Fo*w1a}MW?h+uu-8Hzo|C^jMGiUDH
zd2jCh--2d$_o}Y0s;|0PtExAZ(pyPJRwhnl1gcu_g^a*T%0g;yY=w*<Ai%8V;Q(Y7
zH*z+zu{UQ{GBO8(NZG)*RhZ?B?96F^c8uz(w4}_c&Q2~S&T39Tpo+b{Gbt<AZxVSU
zCu<oyGkY+bmnzVd6ifyb0$<1oKs(dlQ@k+yr@4O5!7Og?Vh85KENf{B(k111VW&^}
z*KzEB87J!EY+>(2W8`22a&|ETizDs?G;+4Iw|i^k45WF>$Hv0S!@|nO%fiFP&BnsW
z!b#1-LJcO9w>SO2P$)Uso4S|)ooJq(0rCJ#fC<0}U=IL+iy6QfPzE3cNC4cyy+DA?
z?-m<?1;7em|C<P4q5h`>|ElAQ+W%r3FbGaSux<W8K?Ml1cX2WSg1|PGaCeqcbq1>p
zu1l$Mk^TljNQha|-p(1^CCN(4{bEOENj6g6KPv2`tS?xDyEsT$Uo5HuCf8ClwgQ^G
zjF7Pf<IT!R3jY1$7T6pnsz7I5X0XRFs{!4e{~!_j<3s$951ALBnB{?{mPTUs?z-Ti
zETr7LY@}SQZ2Dkmz`}sV2a*2f$t>k$@8STS>bINyZZNAdt2r6jfgE1cH1S{-S7m++
zbhR`Asz`}}`KlQigTN$zINTqm0Fko%)oL${|7JBwOB-jP6SJfZ*eY*<CibR4W;vjp
zxw8c+CmR><%P5dD*jH?k5!_P`^{vYnxndvfI-W&40AchdWo0)wf$ssrkjH(Wsa?^a
z;vQE&mlK)vw;2eVnSZ!F)s?8c*uhb^sl_`Ekr*95)Zlc{lBiN3k~!Ghv%I{V(NsJV
z_EoC&yHj;J?tI*9w_m|1KCOx^wXP{lJ&`x3-;yv<zg)Y!D$O`jJGNVCy8HFD)W8pF
zf6wJ6bUI;o)jG|BPZ@p&5C4bZQlroQNWJ}59l!0cYXnko+qXOBjJZsWh*y~I<`Psc
z8;3Q$?~9O96=I4i+8kjMH9B?KPKd5RcF_?G0ais(Cv7ROVlhVSpxkS!@>$;_`zGYb
zFYpu;*X@RX@N4Cof;}j)A)u!}beR|&M401=GQ21yZo|KuuP;xNa3@dzlwrhOHQQBs
zFs_E_Cc~D8M%t64hA#;;`b^zQ(k%-Q4&=M&D!g~j!9ba3@f;g(G!l}A9nL^X+*^yg
zSLggXw!XK3du*VI``qB|c7D_(<mkKNg#vnrDHMnt*e*wtL45A~kytfW#iqc)Na%s6
zAQEnS`SVcMud%RLcoDO#Egm<iwk_IrVLE9q+ta}CE{x=8dfdSK8YxPsH>$n-uou;#
zuo+IO%Mjf7+3Plyqoe<DgT~k%)SezBx%XU>{(OI^i<-fFt$8$V7*_2$Z%AQug-=C5
z73Fzf=!%=M=AwTe);^W=nx#v4WG&9Gi~6`b#$~h^$s&tik2g_S7=ViUX=PQ|FU0L;
zAmnZwW+#i}y7LIS<@RI7`r6EB7J<7&^=0}ln_!%du`e$z>BxG)@rLz*`^xTR<QFy~
zWk$J7Qz<Aw_Y8Kn+6AodI$lE^njRI4<*$xj;dxckX0hl}A?PZ8XeUj$s_O`4?P#ip
zEJgo=A(3g3kj3JpEi53H-WX1owJn7l&himu%l+npNec_5sS~5{SvfB}s3^6FP$i%6
z$5{m=!!I$~37(0<7Ds=-n>ZHScfrz(d3xQ1q{Dr0`;8dmj~ON*68k+lGPPTRFw$K*
zmg9cd2hU`DtXHZ7mD&<U;rduBb`9n7L7FIG>KPGuKxr_YsBUz11nG$FQB)|w!J!v!
zH|x0KJ_osok~#^C620&CpV3lUjP4b+bYQB(L1dtC1|9SpGDY9}B3sCP(eQh#WlJf*
z$hvKxdF6plQ#kr43^^G!`_<5Dcz3{*Q9VrEafO|fXMXP>T?W~uNXFw)hLNhm7(j3%
zxc*Gv(nXz7p~*ej8q$#^ZXTRW_HiR)D2oS?wMVS*Ekn8rZ9s=X*FO8J8*C!N6W>jQ
zK0&;`R~DvML=D=`G}wgMeekn#@TthmFnh$C#_)8}+ymmhuRa<uObYV!VyNvqWexJ+
zQo*{Q(p3V~>#NY25R1c<u)%GZN+|WOeVZOreS6{#O4p=lvP%99UVa#piGfY9ZdxC#
z-b0^|6BG~PfAbm*rYal^Ib(#h!Yzv2&OA~kWEOQ{G6(Fyscs>C5DZ<1F4XuWLX2Pd
zrVPMmqEjR`H)u77M_im1u3omN98{GMgn_JW@<t6)U`T{9zLd~=<V;DQ5Wq$OP4h-~
z?UI<D+NM5^FY0(uiKnK?v7eH@qASG!`iS;@rk?VSWV%pAZ_G+t`J=@ht>`fK#?)Fs
z)Ky(2m*}Vz6M+b4AeMlGYc;>Qrd;UqydgYx+6-DoonwDV>r5T+_}o9Lo$SG+A{}Op
zK<G)p*)r`1dn>T&VR{+E!{F#JT%g`@%XFJ3Zi`zyVv`rLIO^laph45ypGp)S!yopH
z^S4zBjH@0r3g4#V7xtVtr%n$1?Is<}Q;!~}N!5c{VT?cqAOSO&BW|l+jOr|v7vSXH
zX7<MobCD@WE5}6{+`+RK7JO&<T;>3*ckVBZH&x0p?4<}mdh!t@HGceW!GSt7y67Im
zACpz%_Qd8wzq3P5AxjWvyy8eIeeY?}tlT%9X067H?L}WlYGS=j@HKm&*Tv@N?rf#~
z!p8$(JMMHPH~CS}!CQ`D^(uL7DqXi?WqQoY2+Yc%@Amm6u|GxghQfG@X5-bXKrMUh
zs+F|gOt(F2+Z(=%Fuv5(x7=$>V$&dN!yrEpeFG*O=#}3gvDppM&GDK{nT|`UY7G3!
z92d(2<*RE`r34o5u|hkLhrA3G$-94S!0t!{GtP`1?;Yr_d*PG7)Lg05_<Cm5=Q^%x
z4GLd(1CyXX)JqiK3v;&6NVigL&6^i_;Y}QS<;v(n%!Aow;?CVW3xu;v`A-!3hLIzU
z&PzD!*l%Y_{oi?=;#9DF^45Eh8&+fNq5o9IES`3XK)_ClSc_Ip+LR9AA~%aPDb^CO
z;|ZgNIrqBYboS52xI0gI)1UQq>_sh?Ab04oOS$r7B;#F#Q-th&e5K}_^;}iWLWDO>
z!y;5cnx=B}zZ>Zg2`T{1@<uQcFI-i(^><x@s<6R>3%PP?oPSr53VR^63R7Jp{TDqE
z8(`+kB4yTm*KZ{qTHVVoRmRTwKW|53kKDJ}VvQsb874>A2NLeyIPnbUZRi_a>bc!?
zTv!F?$ZG2a?<0KMMp8q^<xc7(XzJSYfKh9T94Hb1Qwcy859oz8gZuI|LGI$3T7n}V
z-lcENYQ5C7Aexeo%#AZ~G)CB4ibGBZMHoxc*_C#0lT-P7{^Uc`TMB5a@brD9W~Xxt
zX7ffZgSFJ#=rYy6I5>#T1mLjOI7w4&7eC?;=iJXtgB3qgpA~V}SR<=GoHQ{a_$}jl
zX^AGY9IAj6xB|nga<v7QCOhY21Wn|5G;_{5&`OAS76k1~TvWb0NEldC;X6!`haIh|
z=wo!7Dm6dltREn%1D5pMQUORi-?hh!sy^cpmGrr;!gE+WZ#{sZC>t#Dxza8SMr6rL
zZyQQNS?Z<$GBcR?mQSr|Lf(u4@ItdK`g6gdsKPTHwst64BWMalY^Av^I7X$TAb70U
zs4R%PX13|H_hNg`<-5G>?dy55JmA)O8;D@*95|BnYkh%Kim8n-3e?yz3oNL^W<x3c
za@nj+Lj^L`JE)RbKp@!8!srLy&N6vbmyVvg6fV8pHc4vGuQSzM+YnGQ+!pj9b)EZc
z8x(!6ByShF0HmnH78@3)x=mHh?P2n&C`CJSDYSzVGTaQ+uQSvo+icP7PvhVz47vmn
z(|IH;Q82X{&Ix@K5QeT$l0CeW_?Q~<&dsG7Tf0cV{Zllvn4n6do<bd6?LIEL6EU5j
z=}$9yyBX$1+&0yeYvoQxZy#f~R&s<pvzFH2$jY6?XEJ1c2d^~SLx)9a36F`Jjn0ca
zE*11eUrXI)f?ZH{vy>dOeKPxJU-s#A;qCW7eSXL}@aNn1&0|`ieEZgKYpC_A*Y;~2
zwzcVKqY3G@0et7-*E)P_#Vk-otj>=&UUm~TKefD2(%4}v#G$#E9h>uQdtb{qqf9Rf
z3PIP~&YP78h7IFGI@4na!ys(kOXq+pFu09qh3i9RHA-Tnw#y*3FKO!`XTfwa!<~E@
zzJ$|a9`tOMDD?2ceAM=iULU~xikwk2bWG-2dTn0?x2KsdNjmDfu%Nx=b@ZZdAhn|}
zAV|ypxz&4kk!Yq&8=1E7#*SLRP-}4+t`WB$^OQ$-@fVjVzv`k!nfQ41P>yH7Ld>C@
zOG@{<_WQVMkJQyV@Xh7nQ~IT@?lPyvbQ|-%1zs%~_H{qY+>(y84!$8`waXKe%#yCO
zz$vq+nJNr76b=1tTWInIpSj`522dZpAZ=Hbw4F&EyTs9AV*-dhN&48VE^II@jC0%9
zOxa47#dsTEYgdMh%RXTqGkn%VaygrD=vRPBN&q_lNXH%s8`@5j<-uQtIX|I?mXG^{
z!_PZTPBhJnV7}0apjqwGTQnhM0oGR6O=hDm+cK(N^1=8ucYWM^-7rRo!O;Oa^)9vo
z3T*+FjreQ)3%2o`=Jz09R56G9Lff~mZ$ZI|mhH^GKHF*m^3tCL%}J>e`>mK4nXCw6
zB#%=4<GIY<=Zx59*P&aQ4&zHNEIJMzX4N6no|?hX7JbxiOj{7Mr5OL7%<lc}9-|5=
zV?p$#`ISAoiSImr{UXwMo0O_A_4A}@!~{8S=#5j~prR*KN=}1(BNusu4KL)bI|W5Z
zjdUb=*$+}dV7XzZ?LeN|jfa-lJSUg6B>n@d0<?(;(NGb)Ee8IaNNA&B1n#bWqqOYd
zT5Mu6eA1>NvJ}Q-TjoPEvQxaDdWhk&{?pbK)&dtpbc0pKYuxU$yuAngWT^VQS;^dY
zoJ-5njU3I$v`R@!F;14Qm?{y#uvvWCB(r+5Ap6g)K7)C4w$fyG8i(QWvegSJuilb`
z`Rl(>5~z@tS=r|T#~ILOmU2cC0#c&M9c|;n-xH|VJr_qvyWH5``o!Q2DBs8)7S<kx
zf;AFbryG&t!%QLD9#G&=SzY?-Zr=6DWI1O`Z`wp%w##w?f;Mgm1G^<Kb&ojuo5+&^
z#xVs3fs5V^B_XOe{R3x}o+4Cuu7r&#Y4q`Wieezvy-;-hth2>Q{j7$?dUD$>3Bc-o
z8uvu^?63D+-j42?$PPkdQpe<$EtF07^>-=~S#IOg_q)3WlBpE^4;!N)Cs*9rKQ?y1
z!W4JLoR_m4xi^l^I5HS5qKYqZRWTPlRiO=p;yry^TUxDqE@BQMhZdByg%hi|q4zlU
zT%Va}2{GSS<N$c#cUMfRyI+TrhOnb{?i0Y984|f~?!_n!f7CE4ns44N;GUi3$Ft5r
z>u)K)whE-4s4PcWZG4jUYwVo%DfJ5?*}eId^cvNNlfwz`TLLd#t7Yov@9Eu*76%G;
z5qrm>XWgrhRu21^a4AD2I}bIP-JX&2hK1D+B|pf!Pc!_oU{QtkA(ke^m<)xSCc>nA
zPv_BRBYgJD-EMvi5q;POS#WyENpGJTub`M@r$oXxc7Jhr1$=lW!36g8_*d83riKlp
z6rB!_{)j@m@d$oh)p0U#?c&$e|Iz+{huCw%(1daZ$(IPUKROP{vw#??aWjY)W%P(>
z=pnj)k#f48C#<sxG7IP;F-mC!G@r1y_yRcG)?7#oc3>X}VShH{`@v>B3GgCv!fYb=
zF_ey}hY7!ni2pT}Rx7%K-||LK+)<~%kSMB@Y$K`-RU^aXpsSy(ZUfsy3+kf`Ri_t6
zZoUi)1-mTtLu}$#nKD5D_vXszjL|_`399?Z(9P=t=bQawj#wOwo!OAlt7z4bo`syI
z$Py#2p8n(5VP0=OT|KctihRe_CxV}!=G?Ytm)km^jdvbgz&kgL61OAcYs;UZnikPW
zfksC`QJ_RFU_{7vhNQLNylsx<u0bA)wcM4hR@aJh$g;2Gb4#h1RWhRx4|Msq{Q4r1
z0RNkCb04b-lTYUR3Opk$zGdc5o>;g`w*?JM(SG7y-I+Y3?ODD4TNoSndWt+-I{~Qi
zK87>C3fLj=XUPsEyw02~7<9%Ykn9)Fhh7&4Hqw6C>c$_OhEIfFs}kgQmWXMcoC%;u
z271b|=J>%fqwM$+b%EGjxFNR9O?ez}``}Pm<#rW|VTrxO)E(I2<!Jn$y-xrPlk3?*
zy(Cuqeb#9V0ZG8|ni7l5ihdu}`HfP8o$<5iUyg5l5J}#Lb`P)Sy5l{y3l!H_0ceXm
zOT%;a$mA<mPWXBq1PcuTAJbR7E*$kjd(jdDze%Z@i~5)YfhRRYbbS&2ALpDc%^B%y
z>Fagy7cu(rmOh!dp%-DR*6X7*8hJM4bSqMPc9;9sEB+38XWO6Y@;X629l`_eGfXIi
z#VxxJa`y#C@UNqjpCQ&ch<-g<J1t|i40r{=Ar!^;s{%`>kQ>5%V;2lp6t!HmVQU<v
zmQ6gLrYX^Qzkbd+e?}u}Z%XW@cGDmN3LpgM<d}{t4mr7a;<!q`;vDquU%(}Em6>H7
zdBE!*sK5MZAbbS-^R@REL^{OBs*h=s<pi){pUx0<L*)a*eMz#(8ZAmnLs%eO3^Wrt
zk1n^+GHTHK_oxI@e1187N;=iKZe|Ec_$ZU3x0T!FAB5V6pW&2Xp92!h2*NTd!pvsH
zsn4+vPfeoxz8?Mt5z)K?wijuTYdHq`%Mc_a6_EzJDe0&n2y%f9#y}o9v;NQ@`pDTF
zTRU^sYZMiEo5gsG@bxe&D@(+|FBljFh~2M9dK1L2XHo3=$srfMh{xj)E}|U4)PI7E
z#~I#-v8SIStbH%|<Sacu$C^E_Ef-6V9)a^xc0a|6vSri5_`Dq;B^tAciL|&QWX;~-
z#XzSDG=1q)7W*1b!x<B9F+Yc;%=jK(57B}}E6kil3*OvMfavGuDc+B#n|BO>o$qK=
zsWYX=;Z^((q6#)<NetmlP+5q2+x(r;REhKPjOq3@0%vtgBr5B*;7vHB`&n(#An}nk
z$meuRKC*eBgl;)Rs<GsV@+FVGr%FW!@}*aPb{2^njzm{iSQS6`-^eSr&hOoo74#t(
z3VH0f$AUEaZWtNKAPsLFez{v}Pm>`NZo>Gdm`vDA#|%S-kaqn^Y~|=U1;2iENA_@u
zj(evT-bsk=<(Enn+NaQ<p!#prl@8J+d`n$2i%mh-YrlTg1gXYWqP^}HT(+j{&wvnZ
zhJ-x%JQ)U4hOL!VKx?(~N`bp}S|l007lyRP3ZJ4j`dv>Y1P#agLtSgq#)oUh!m@5E
zlf0k{Crn)ygm0-eIVOdPNI1vwr^Zh9;WjOYB>qss0}h_4YGykAe5fSNN*DNAQC&a+
z5tIu9*^+MGpz-6q(*@k}@}MH(MK$N?Z_Ok^tsa-_Gm2BK?x;v7&f2_)fjPQO_KQYa
z{OymDP)_z}%co1+O0ou`5p<`h!d^4$!kzDT8yB9T1)DRQe}~Ec7NPuG#QY_!`?vV!
z@386L<G##d^2`eMPPRri%qB*ptbYxPzC?ciY0yhhm|4}u*!d;CuLcgw|7N9NWD5ib
zikZcXK)~M=qE41ZHVk6+Hm1xHcHsD_rJXsmrlp;z9mw+U?H9tgK#+-(rGvA*6DbdP
zDsV*E(h1}&Zeip^%FYJP75rIeWn%>oH+8lEk#ey88F2nbF5qS4zX<sc&c6fMza{*O
zRN&CAIp}2$8E}fi(nQqG+y+R>!Ym3hc?pv9vT%Z<$A8or*;rY?nG6SMpryHmGbuM4
z53{JN`EO}RIk<VjDGK*L8f;wPTQ5p!{z=Kg!mRb@C^k+Oa0J=t#SWzG?BFmo&{hLH
z`Zu}Q?{GIGcr@wDT%>F)Ea1pD8_z!{E?z?K|Dxo-LxSzUAn_lA0G|FoMB#UC<*%;t
zd+5JN_-|o&39kRYK!AhwuLy8){uKd^|0@C<|AYV+=l=<T-#L$eQSjeE!2Vw#VEDt)
z{&OV$NYwnh^}z9u_3&qw<sa*T^<R=>|Gd<G>-?7m@uy_}Eg+1nZ2$eDVBz_<i{h`4
zu<~$o{r`Z3la(6`2@4N6&BV$3uZ!Y$^65W@gyX+L^0GhuPht7(_y2C2V&(b=EPtla
z{sPOt<mLX)u>3{3{~0v@;eN%+3*MCe_xlwm7t0^3g_WK6zuB*TC;$Elnm-eSe_t@a
z(}aK6i<FI<h565|l9iVgob9u*cT#mQG6DW0iN`Ev=?qc=I*HrcI@sI2?9$-f_K!T>
zTXD5Nvve}xETNNw{Y&2NchdN8X*(V+F1Ej>?Ve|!R{?16BxNK45D*Z6Meq;cc>y2}
zfP;a7g@J~Hg@uKOheJTZLPkPFM8e0wM8zU{O+rlcnvjr`l8Ks>oPmOnkcOL<frXWW
zgM);cSCEHIfQg-h?S%;hJUl!SA`%`lG9DWlAsO5M_<HUDpu+*$Ay6P8$N{g=At2Eq
zo_hc!000CuSlSnX|GXexK|(>pz{0^JAc6^M(EzU?AR%8tK|(`AL4m1#!1n=A=+GEs
ztfDZO%0{r{j#zB|F<EdFVwIiPDq|;<?8Z(3@CZ1#c=)fW-cZxf(s6Kdar5x<iNBSQ
zl#-Ttr>dr|p{b><V`2(4Gq<p`0w>B{-P}Dq13v}@hkW`R8XFg%keKx4YjSo@ZeD&t
zVNr2abxmzueM4hYS9ecuU;p=k!SRX7sp*;7x%svAjm@oJ+dI2^r)TFEmsi&}w|6gk
zK>#5CQ0woS{TIE^!Fs)df`WvCebEczl^eJ~qC-KGvBF@8D#IE%Vv@7@!(oZVWL0*;
zQ?RR?U>iG)A>dGQtWll5sP<d4|4gxf|CMHcSL`2p%>$4iA;924q635h*LO789}xZ@
z7L3F%N0mAJ73#{dTB{IxX4R*P-LGXi92Z+JhB|fC7ln^=f*w9+7IvwO(;OC-<F($b
zIrW4Q;ZPDKdxV*v0Q~p{?IVb(OcLrQ)V$t410M8Y#X6^aP`z`@;X^hIKVd!H^((~q
z%}J>~1F~K(R@|)F^e|=R$l@JcorOHYkqr9_P^phz7Sr>;oh}s+&FwDIO5!><x4Z1b
zqa=(fEEhWM?={IYkk8w(B&<irsMc$zi&&&Nk}BHR7mcS?aN3e8QZ{6hJ%#O!ll@iK
z=tLlhi6BhMsxKVe#$r|H29MH&b2XXDQS5K3=*wetII|q+@xGV}v_w<L$duJq9lAF!
zkqEEE$9M7GQ!{?Q9rqHM-k^PAWBf3UvA{jy>jE__er8u1t(xoS{YlMF&w#Gu$!EY0
zy5%##?{(CT{$0l7D@Nht4JGT#cdb!&*)38}xV{C?0Ff}o`<qF>zfym=%QNV&S2mz{
z1|YVBt&u5F@c3XQyymv&cL7)P3}}xK@lh!^S+FR_cm@Qm6g>k*$tRwkIIZ1H)_b3t
z*JT-*Y`K<cjtGmKUB9np?24r06l+>sdeY<eJiVzrsf(SN$*rWeQD$C_X@$L+3E6uF
zV0+6K$@MMo+K`S6VK;?GeIxcuc$F8DrmuXVj(x5l(vyKbD@SNm&bR%BKL`c&@*%>D
z#Q(v|di{nNH(Ym*rEHgMSRD13xxU^CRuh@e>e!?zJCugEE0iYl)t?2b%&*sgX~LV@
z=qjv#g*|F<A?tQic+~3|a97;_xkcQ1Eds;#-F{j-gJa;2NKcw)fFPUoFCS~2)|pG~
zT7p}*pJc19qH`h#(6AZ=sE7K?eFdK%>`QL)&2T|qO4-kJdK?1xA2*Kt-u>Fij@g$)
zpc@0be?S0udQ`6y!O1#dnDism%h81;>5O9-C;CnqhTbo+G6U4DKA0y>lqqYq;VLv1
zi$6+G9ZaoGS6;g_-FGFYe&{)~92Y)f0(|cWn#_glPk-$WNmbYGJq9IZhqmTf;@&OY
zX<JSo3k-YGtVtCKhO|=D)+EdwJ_BINel?uv#k`Y|^{S5)29oKLq>v1^c=h?6@$DO4
z-ZDRZwBCt=clQ)Va(7*jlSCyCIG2W90fC)H^Z?rXctiM>$ff-5A?X<)#xd6!Y^9z%
z79xSAA_xE*_ID}ESeto>x)XkM6~2QnGj56s@jFxE@Vh(kyTBApGhAyI&$*d$<4C8i
zt}*uhQVN-UHN<ZE4A{syE9WTpxye~=e2_9h$tjR(dm58wjjZaQfm|fcP&I(3v`31-
zDjXnBWvl3fT@EB<Sl`WULM{vIa06-IY)i$yauXcv>2TAyRot;oE7!VFU$w3->|ZB(
zhZBtF&sEvb8S|;{!4u$qxi6aM(Z{hgVwoLEn~tX}fd%-ZXtp**_VukFnS5G}$ORqb
zP~R%m!W@{~WOVVFhmi&_z8w|_kTb*Q+Ta->3><YWgH*X8P0_AtHS#|s`r$G10Ppzl
zEi!POJCv~;*chc6lPJYx6b~yJmkRJi&8M##_vQ4NoaSgRsf&09RMmsMTVJJfGPG&3
zFVZY0+m(mWzJr)zR9wcTprwLY8w{0uhH9kLIy8v$;wWyT9eH0@V?i~D%KjE8e6%2x
z!EM;hsoLX*(jvUhGG5zI+id4MX7ei6Z=Q(Y_I`#VbNygMBhm=p+tB~qo^n-FKHppT
zRI(H=aYg1Uxj;zjr;yEA>XUMV6Z39<5~Ls3Ns&o23+*msatyKu!mY=*ZX+Jj#SIJm
zBDd3iAD@^)1&4rGxqe7)h#8ZiTP{TOO5;od5n{t$+WZWKn!<`YcjLuYe89+3v+3lZ
z5;rtqwHVM%l=u-1Io>YyF-7nRQ#nfDN$84dgA6f&ALmySNXN%rLeu*x-Zpl3r}a0X
zwscR@vqmu+;Q>M^-*kKVsLDgyu&t79W8w}@vrJLuD4hK(Gy2**GMhNEv<K}Q_b_hi
z*J{RZOV{{6%njpkDBr^N+RS=uog^l}#u;Vl&-Z!IBe631HrUm!Ppa?{zebhvYq^u{
zYDcSC!L`EFo||9lrBwFF{ekt04c1KH+(2qQ1MVjDym!9l>W=duM#hbTqD0F2l>!`R
z>51Z#<hSFyGvT|}noX)adCcFYtl(~Agh<>g?=0MeBVo@u6Ta<uCI&hr-sR=!%97iw
zo59kjng<>lYH0?0+dczgvb&#J`k#U)2}XP0<=*ND42II=x&>M8JdsSf+)_o!R$C_q
ziSuYcS_rFZCxCZ8$Y;PN^|xoh4Bj)~f<iRGvdO_o>h&`K^+6-enZLXP@*%?3oun)I
zDPzNjY5iEbB^YmuYSaCbI)S39p~%>=+<9I^YMeYFO7*Fs)EH-2DVrDlcH+_%J9+-N
zPgPgrPt|o{|I5Uc!W+BwwbO`WB(KV+tAiQDQ^+T&C6lLS@N(C#BPN=zWkF6%@Zd|2
zjILX`-_OJ4GYZMg&b<)C=<X*$b)Ne;-G-A!shZ##%uRnmHB9g9Z8PfWXKrP9-Q)M5
z?{V1PHG(_L=G^;<INfwdSj5WpMs|I&6DL|&5NFM=^mQDayIV^;=1wRL5l!a#-?rpe
zjUz<I&w!8AYSOdx18CuxPZQ8jwPVw`;l}Ll3XdW?p(}Bak94~a7NHrCLbfTgErE$2
ztL_Ro<pNOP%6?@h&%^goeI{9qv|do>PbVmtUEj|+DgWd$gly0^-mRKW^DB+~EX*zn
zsl#WYmth{c`kX+(e4?=U#8T7K=dyJXDYgcqB$T}-7R4eiJbMDJNKz(e_l~YLZBnz&
zVX<o=CjpZ7iqp6S$7^5-8cSJZSa+TKA@0%esS))NPV>j*rEqA?*V+{%!`;NA&zwD8
z%DKa%PN+P0ngLcB$Svx5zzjLBPyMI!8SKIzZrk6XN<pj8F>*OMt8N8rQCZ|iY{Yne
zD}#HWjgOMtP5=7hd?|l8-%Qh0Il>L~Gk`+=`q6{r5!rf)Usb@{{8X!U&5%HN)3Wjz
zP)-JZPO0@Ow>lY#KyO)QoY;uKUn=RtmXx`j_csy_jbhDi(&t}$286oE;W>M3s6K%F
z(VhYQm3Nwk`41SARNYpdd94jc6=cy*<^bQCC<U!h$E9>lgYpyMC$Z%AN5`n!<QZb5
z8@IJ|7we0LuY9GweF}bya+o)P`obSMM^LQT^mW`_hrWkGs~jb+Q+jU`Z$3&GQkHsI
zIB52(Bwsl$r2(;&RU8R>uOG<fnesTdPRCc<W9pj+)dm&I1)kJZ>_dssKSXm<kP+ns
zh~KTZO!Vncs^0Xgef{OwX0z(Ls=;TWAv-C(qVWtsxS(CLY{*{_xck!7GA(@>c<R=*
zx+*w#jplc`H&xzC0>30(=mHz`W!0mif+U@Ven3^ODk`tZucPtF#fUTr-?bNSyDGFG
zC~thTMBSiHC@9;1JoH>qnkG9G@KW9dpUv4F6x8`OGuVXeNYZ(}gZP#XEx>H+NQn_H
zLlAGYBZW=m>W9XmQ9FsN8srCZ?D<0C0)BefxP84rKV87dvv@`)+NA;hr(Y77domJc
zKH5IEB`z387(enOWXi9r6=kS5nQ9M4_9n+}pLJGh`;oqnri9LDgB#@O{#jJ(8lUr!
z9DDIDE%O;rH>kL!_w?-)QNHGLPypw_&8-y8*K11iGnkg9&`)c|^}r!)?#f-Keb3h8
zZp1WQdYD}GIq%4@&v1An6=j%;H>K-gNK9Gg*n21?V|cSq^!>Z~wMh@L9>R-p&j88S
z=gH1Sus@Rb=q8f4EHC)RPBpt<w-__pzm4_``AjW(yZV%X*?E$pd7H3a8~qG$9zqd@
zJey%q);*>XR#qmEHQTpGzsoFkw^Fo)MY46b8BsXV4DqJUvr57>Aer)=VehWoxPK>8
z>xAL}BSq>`_N%3NEujT%-^~__HOD6dUmY@{t5veWs#8p_@UTEb-Q*`@S0gj_P4g4_
z!faO9yL<hf7&{DnF}m=W@YVF?gz1^D-ZIaC=&6E7@B`aHUm9GI!jI51$Dnm{eQ%Ld
z#_6|=K-1Q6Wqdqe2FE)M<gKHEB2&Y?nHdDntoUq_8-!IgHO(A6Nq&mq_$|gcC|B3f
z$L|!dGxnT2hDhLNl4GT3fTQr&GK}W-V87GrLcfNLACtzy!9(580CeIg2`tSoo*`lG
z)lZUX;!jQBJyUC{dVS>fwF~Oq{v))BW~t(;RE+9|(YtncA4^)zW7JY@nmZ`x7Z*E?
zGX0y2y?mDX0AX^>8S@71LPdi~X7&vP*HKaREx3buMZH{wo4%mn`9*lCYc|)^x7B%h
z6>4auzW;_WouDayi#L^B%*@_tQMRFT<K>9RF)w>Nc6p|^7BYIl*|#{qs6A-h7$9v*
z(zPdAE{07Z7$xMq1#2cQfu#{_B!Q&_o1^VFKppouAbep|&RZ^3qhT0?0Ru(CqyYB}
z$PaE=ugGa>RR~>>8U>5FxXrH^ymE#Q{`XMs_xMG#K=aE37ufzkSAN^StCg>1QR)<b
zcdb1b`<F0=-zKN^Gr-^(aL-z<P|kV-_A#<=hIiM`fVl`fzje}{X8_XrPIl-;6bpUx
zjrlWx#53gn^TSVvgrx`eXFyb|_+!tLS!MYHmu<)sxgc>UO*zXYD$c3-Lj+&Qqsvo3
z<u~)*j5CfslFOMpguZf}jE*Ssg1)YJpS8=}JQ8;wtItxS6nR)E@tTodWME|>{!(74
z%Z5yB`&H@HmP9U*MHf+@a7JvTNp35gOc2P(VJymHSERap;s@yNho375A&mCmSRyBj
zQ<e6(!Sm6aYmfQgriQ0p-;HY0)y{D|p^P%2=qgAEU;O+k98=tW@?nSf8KBJk_{bS6
zMAmZcb;z)h{6qgS#W;z*VX5XjK)+$cW*f3r;feMXQs3G^G*1g>T-p-9ECnTx`$IeR
za(@}@bg5c~qX6ArOc8DX2i&lHjFWIHJ;}a~Ym-olDah8u9usw4tItoUc3{tdblTqD
zo0=<@G!$7zM-^)vz2R1(t`cz+WuvHwQ;}eC&Tw(}WMQ6jDV*k-Y}2Qlg6Wt^fc9{4
zqi{VgHT}RE)i!2M9!e9fhF!8svKuL!4RunT<VMQb{tjCE8L*N7-e|YqoCcS_`DSEd
zlG8I%sEzmqY66=zBT2}9=*&NEf_G!O#@kRR&wkZb%)&dq2`3y#_8tB#trvw&u>ic{
zEBG`mh4R8|`MYteeqxu_B?&}FQ)wmOWgWl~@e$WrKcO!XJo#(*U2pkyHAYY?wT|0z
z_>d#BE69so5slp{ba8w}1EwAh*g5*|PpA28=!<pBPAAI?&93a6Nity$+cV}kCII<C
z875JsLY8i@qK0o>5}Wjc!Xv2iQqkCva3Wc9qq_2Bzj>Il_6sPI?iH^l=j7;HX;#QM
z7Haoe#G*}~mIS4ek@WXLdLhj)=ZVw_v7F}pjEE>|2s!8@U1^471-8A1$KRibld0=}
z?N!$Aq0Us(jJS&<+ss1^#6zYu`a}}pq~Xgkm0LZ=Nngq|%_yvz&Tmw;maK069XX<5
zA!dTNX#3P><$<!w(ouI_YHN{FNc~42Z-IFD03InV0JBeq=TNec=*@*0I1WM4#QpfH
z<QZ^02!5L;If>k9zd)!4zh%=uVGr-jCw)3<kuUG+8kA-%c&oK+P5_$}Q;)bp!F!z}
zaVpea+9}w>r=F^`ATTC(Hau&I%L5;@={&%*=fG3&lWE-<<G|Sv%yQ-LER84RD=Qdm
z8A(4hbmNUOIqrx4qBsrO*fk)SM2;ucDCHBSyA5#$RtNBGdKX-Li?(jcFE3nr6Ju^+
zV{;TyGoklmaCj)<9-ulgnQqC;#cX01A}isjgOj&z-Rfo_rHgM=-*`67{k89hBpia+
z1us7JN~y+Zi&&x%!9?i+M?+3?Yisf{q7gq{H+`iW(;Uxg#@0dDmE8WXF^=Z1$(9%U
z+El*U^Hh|N^6Y>0l?o<r&7#?7fQ^oxmJU}|!Te)|?bnY^y~EPCPI&Lb-7fR0PBjW=
zn#kHGO0%k`X0G4R4h<04EOWog1RailOV%H_611`R>*CJ_hbx#yo*v3?l%D}`M-izJ
zf3!3but2hn8I)d#5?E^SSjrNBzZELghAHQL8Sif?`xd5st}=8*{iDgvdiD_)x=<&_
zpIpRWwJuJ3$u<m+e%P=t&_M{0pG!%ikUXV|=u19dFc7DEI^)?w5*dLF?C1GaJn!y#
zHI*fKN?gEL!+_AU&JfMdez4emTEagRA>4I!Cz)eu7O317z|S#X@LtcJVems-l%17U
zi?tU~cz}<v&%$!Qx!JN_w1mSrQt)lx7G&z>ZodvPFVNo2c*rtQh_E@7>Xh)#r*vt+
zz2tKk%2u#CBJF#4iVt2>2`5>y5oSi;^pB=AF}-8f+!0vMu9TztXOjC)KTm6lRder~
zP<2e%h9kmUs-7dkQ1fgzl<LY`>+o&;3Uh;wTEO^ecewn<j~P1j&?fwnNCM(mXEzf3
z0MDz@FCD<Ba>QE`D^c5_H3UsxZwc+-Yrv-#wPr3aCVMYvb~U}X&JnpMA)PWZ&w>~5
z5vJb(a8<(3jBg#gGp|waX!5=eHwoTumoU<lAT@t2#y@Z&qtvRcwRmNDuW}b{9<HYE
zY^lu6%#!Pfj`dpPJ3jB760(}OL0A71CO<FgC*ad$z~Wm*#dz(F)w;EMVJ`M`!Af1v
z=|s*_;td7s&+jAGT>1O3>Lw<gP<1wqr^%-ul-G!~(R$+M^uMb&E_7}Bdi=`w!`ri7
zn>v-6W0Z_EC262)c?Qt5{k*+zJgz6=A4S1v;@mu`8X!*HP-)UV6kzLg#pbr9fYx?B
zq`*6z&uThRZ(WY_15!QCq!fOyGSD{?7;qf(Jp$n20bGmuM#5YOKxG5(6J>BBzqQ)c
z<9<m%?t`1>?bwe~t!ppU*}LPcJ#b}R*kfh)Xx77W(O-b04v;$IfG+kk^q83MrNkM)
zsz-I$V*$D->7FRT?&?i?a@MBT7saj1NE{Vr${^yoIW(&kAC4gQpO=y#?z!F7g*HVz
zIJ~W@wD8XCX59|vy(D~uD;M-zp}aoV+3rqiDxZG_)Vi9vcf9v>QCn<4p7R2Uh%p@!
z#hkqJGqFrI-n$M%N#h%VgbL$NIx^qfMDcCh<`}qO<l9!oneio!1?rB}GKLM{Y{l^h
z1V*fZMj>^Ch-a8;>sw<=ZN~@Ulkv<$LDZ?5MI<yEbxs~IRaE}MYqq%3#%#|3V_cP?
z2VYl+XTbgh;@}~>wgA`k-O^ExWwE|)Sf6GxwAP$<f@@%+iqy7>1u^k!?A)vDJFh~Z
zYn;tsprx^_&lC~(nGoTZZl3{}Jf_mra<@F!o$W*?A461=QW@6a2I5Q`Xop_s8K6Hs
z(`%WdwV=hOXkka5Xzrl&3Stqk9XIOh?BD0*rvrX3>VgWhHn%3OFJx@}xbDSsijNkp
zz?ZLEM8akDAcV{1cFjI(HB%R@FMsv<a09)nCgd1RTSjjq)i>cQYJ^>66uuXYLg8JC
zr4jb`u%A#{=QDONK3=Lv-V$Z=hAWngwm_~N?4*U#d6qRQkp*qIVR7>UN|1<<Z+@x)
zftRh$-Q9>rbDi!ChU}|co93&-?+m$Du-NZVA$2<o#BDg~yBTW-n(7+5V1ovzDuX&<
zsY!ojO$aC#?bW}2H=h?CvpDBdb@0$VNKk=AcqtI+^-Yzd9Z!GRJ(P$^YCP{=jZMI8
z7(^Yr8<j93K2z8)E~1l_L;Z0*c}5j;50}lriWSbhnJ(p{Nkk~up>lwidFq7l8YYHR
z_J&q7g>0vPfW*0@e@4=Mi{s_K)-p-!DN0tBHO7))(4?5xm%(?2l@#_>COp_eQS0!L
z32RI2GF5c}zph4q1~VAfM~EDzR#JX|@y++I<*?u3N=~cZQ?cSkC0BGk)0I3T>?JXZ
zStx?6=(U+aEOZ}HuNdb{vgYS%8>fz7g86l}Db+V^uzEh4&Z?8>xm=F>d3D@H*P2te
z*)1KX&eb?YdazDp#2^zj59%Gp;x70h6RGR3QQwj!H>oIt@y&@}jST_#?$I4;IC@S6
z4gx;B>otX$mUD|;4JWm=%L(Q{!L1D$vvpaoioG`xAqrxvCyw8@TdDekvf3sh@~*P{
zoY#Tr^dT<VWHFv>wn`8r3YV=CklW_m9&6}@I=#@#^~JJV!`0ssKM@UGd%ocjTG5;A
z@1}EU<a8`v2`gf38<b{UrM5v%b0b<Yw4?W|zO-&EvE68p{A{GHrZ7&+uas&>82ObX
zhyx`@x|bNHMjv5DN?%b~S692|)O+j*iqJnT4PxNIYVrv)K(@K@@Dg!f+%wB=8b;&|
zsfpuYT5jZiXtnjXhyKHoLMq2i@~(vh{JJdAcjzd&jXU@SoeEw18jc?nbCe&yq>!2L
zfWplKEUIy9eSRF@ytSE7nJ7CvDl45)j2f)34=+eW+i>7jQ8)k%`>-lYt){@O>N3|F
za3#jx4i!|F$D$l|_$)1ehL>hbD+}jSglliZ$%Y~EW^uM5A@O++BU_7ubIQ7sO@@H9
z)*(?WQB+^-sI87RwuX>Ekx%h7btvET73h_!lQ(*s^0S<i5@%@ku~W@uxcy^bQKIS*
zV`cgz`I9H67+n-GE$+A?iY?Eid}w7;hQ3UexDMuS!tDNHxpfWSa1^93lh^psM^w-O
zJ((!hQn0ee14(2VyYI>(MwReOqSFSCauKj6y$~&Ur)*|euOrkun-z(Nfj7z^orNv3
z3eiWO7S`!HeKlfYU$m!e8L7)fOLzO8xR}81q$M3vBXGa&zKkM*3KeS~U`g%}zFBzR
zsp#7O4A4!Em3LG4C_Szq)`!UMVH*xv6YcmNDm-R9jGa?ufsF{Y`{c%lGGKUbw`AZA
zzqYnE*}yQ?hO1ESr2Sg1A4Zyk756tM<1;8Lld~R=;YFKa_7T15gtjbO7s7D~vN=TC
z=%)C22ZEaq2cjdb=KZC8ck#K>UBf&|Yncu|4ivby6W0_)CBE<_FW<)tuff*xF<!;b
zr)N*kRO9ClNi|gR+7P9_a!{NI2c?9q#p_$GsN1SM9=#7d*l>)prpEt1HyMqr`?NgK
zQc3>fAc*@&OYZ~M@it^&eX2{L)F)f-!e1_lcx}UWR2bdlRW$v!4Ll<P_hW<I3m#uj
zZ-_e?-qglk-5IhS9~RN`!G?NoHYF$zjEKRNGV+TB_ubiw>86AY?V6x-_IB!bLVQ=k
zf`$}0;VtT`HXf@kDeKgG1Etvb86OXC$Z=TG{Z}S2d8H*+LHh0{Vic?GVxelPIb<8^
zmckDr-Aj7QC-m`)1)_I@5VRpm%)f$t)pdo*W5Q_`XYZ0rEmsQ}jyV<*rfR8uc)c4S
zYrNjN1F|6a&|n39z^~TE3+R+p#^%Zml97XWWrvOZdZ56-iAc*UzShKCskt|7K&TJ5
zHkn07@Pv0>D%B+5#n9{rFJ)0*IltEw&UI~18G%p(R8HLr-GYA@$QNI2mbI1_;$c3{
z$xuM5n-Pus@s<J_b*MHea&<;lR@(cFHzfmlcFE#e2eh>8moN9GIhD<$x?(q06X3w3
z#ODLDxUnVCsh%>OEKgq_XQqW<Jp}SBH9#Hvr<yEa*UO54zJp)B;s4vTX;I;vpM|zy
zWkQbTeXj^Faq3hP4NRF?TWpm9#|VGCTclJJB+|gOg69S)p=VTKam<Y!r%J4WB7+$^
zOg~~ov%g^T2JFmP={)T@n}@QL>V(N;RwOThMWiU{APm%Mr0DA9Lr1ag+NGs>(B@!(
zRvrzui17!ARFn)Fp51h7t5B?DSgap7C*!RA<>vHt5{N-v#}1np`!P3@NqmU<(gyNk
zKEo8KK}rNBiGb6ISXN!|H=T?IFlj7iHx5;>a1AXH)IE<FBh%RYkPsqCP`e4yB`D7Z
zD@rVhS7FfcScrHBl;c*gt0kDs2tWO_r7{@2n=6QZEM1yAVdHka1~^_6$GY3Taq}qK
z{5o$0KC?^+S#8E5$r>q@XE!FrF0%SHf;nW|gxBjUY6_%ig1QR!2f|fQ<nmWe$|jbE
zm~^kNB;J+;5ycP)_w9PC_Zp>GAeK!@jyu#8fojHsQyGe89FazX1kFgE4&}g^QqoZ@
zU3t5DC%COzT{8&H>;M=+zI1xC#0++nx28nM+PO<0rfIVn0KmpoKd(B{0lwofBcD;%
za=_a8Tyonoh)nB*rTA-~FuSHj-j7+DT=2^T`AaVF@3HUy2X)lvx&QXuBip|myHPZ@
zQgyavRv_hI0iR8JIdDkI&dtOAx6>rx!#4l=t#4kgzaAfPPfgQb2qo>0@!`H9*+XqQ
zONZ~P(Bf)_L(IaTg{?+qEMi0^mJd6HJ7`}46|?JXxaiG#Rx~vg&?y2pKVvGZqwl6h
zoqs>H*!_MkP3;>_QR}_wy9pwK_S<=+p^lu6ISuh&Ia8M9eaFAo6XnVAP#&IB>KyNT
zksMVO+2(L1Ajuz<9O)66liqKGIYUgpHt)@Vq)+f3#B0?%q8x?r05v;*3VLNpL~GIz
zx-hiAnU)_A$6`bG!D36g_7d_sb)GjW_*ADqoW($q2X(_GJWO@GqvUlTL4)n0bn+Lm
zes|DTj!8>U$__MU2oax+gRuirf+`;?{X-84>uIV{m{647n_&W}d`_4HEk{2hGpjEP
z9hb=0+!msX9Cl==iz^+Mknbx@(i__SPpO$+<Jqr0!Sw0g0J}D+kL)`_w+Uh8lrfG_
zqqRbP<-Q1PJT<)9vgz+>!dhIh(Te$a{>JweVNxQ@{rdE~?o7-LmlD!^JwD&HWMqcX
zb&N6(hH!2pJ(2hz30*w<PK%oY&wO8oGK!-l*(8VdO}U?Oo1J2iuVJ<1nUJTkhX#W>
zAE#g_@-Yz?-><*ryZ8~uiZVm(Z|j1Uj+E<fnfoz@dRFXwrcoL$yrrRvHV{Bv6p$dq
zuh@qX$imZ+T+kUOgP_D^RI8IN;1OHgfDEXw`c8vZ9IH~HWKG=|97AyMWd~dE+%y(;
zD3NVW&7Dn>SPOuLAy6!UPoelF^rK!b<(qL{nxe(>1^=jvaA<i_*>)sJL$U-+OD#nV
z&-D*TLEQcvczA9L3#8kYPK)ne=^e+FP~Wn^Xpg~mVA@Pk6G0D8G`gQ45k}A7?DH6X
zf@*P$9MbNPAI^`>O_isxwzMDToLFYLq)C$UU&Tg*oaquRko=Gw@yqhUv4W#>0_JN1
zlWU+RJUf11B(hf|yiNy&qe#-n?C>D$cUsLJOzGlwGef$fS8>l!iRL<x&M86Ghy^J@
z)1;O3ebNriGGMAqnfAcAjStg!&Iqy42g!lcAMAgQ(L&*QjK6L;=3TS>Ok8h)d^4lx
zkO*a{O<l@bq?yS!W#PCCzp01+F=uME8V~<KCukYKtrs+%X+0$t<FBZ$1Np2QQB}L6
zUjyTfjPWUEE!_IUAbeRROe@5+VSJ8r41z+^^p<fv>yzuaAsa7foNl*wsbl{KzaaaO
zP(~87N`=Cmrgl8X9dYVe1A{l$1EOi9lvctIY$31gE6g0#A58T`q&yoCk?%88nYf|3
z$sz>0-ZFWmhGkLcGkK}->;`XBr6mb>bDwYJ==rDa#9oZb5mVhkC14w%Sef&Xr@m(2
zEOD5mX>s<slgPK$=gT<X+Pg_g{XEu~yoreiQG@%eC=k`KA8Xrm0&hQTiuMLMT<keN
z4#>s>l3+6L&1^^#Gi0v8?(0Dhgc4-doG(`5q6<phPb09EAo^j;#)FnKp+Tu?ru8Gq
z6lwU=8mc3}LeJ*yt8gi55rz(Tq<~K_EdkjMIFWK&JRW|UG`ZEk=<%G0&cm)o*C&_6
z$_EZHh+uF$#fy;kl2F+UfNaGz@9t0SDb4bYR|A~%jx^ucN~9;k`)>OVpqo$bV}Eq?
zo4gowA8>{k@4;72q;KVk%SzY>@yh;89m}M{9xhZ(WO7wWqPygo7_i<5-$DL_kCf4~
zlZt+cMfb7!bx$UZd6^ec>KJL?X80Rc9P_tHZ+AMd&&S)GgA9pT9SrxRI7iN7g&%Nb
zMJ0OP0sFEg1zXgbmC?!_#_4>bb;jsCIB5gmcq?9ySYO2Vo=R?b^rW3c$T_~^bRhPa
z$Gc?rX<{VRZwixG#g1<Sv9e}fDQ6)1G)?Ry__R;-ZDCBmLZ!KQG<Xkh2BoA{kx<f$
z-YwwMr0PEy)|B27fJgLAbLZZtgBsE2b)Up5krk;DqbsTKfldFm6*60%?C<H@313bM
zPZ0(ga-6b`QQx^WeoTCFv%FbFz`DE0%)q^S5()L!KC`c7tz2`z*cB5dx!9G}hxKV1
z9qC^UKg(N8MQ;r2Etd;+@4+9t-X6doD~R!DlW3w$XU|qt9OS^pm>&lBQI~4%+)JZ+
zKy$V@NnSi^^HSVh<bt^i#p>vZW~8UFXCG7KnUG6{cjD{&o2JVReqvpN4Qh*;jMGFj
zVcp6(4y<Tcr&3`d$~k5Z?i(-D@}Hu=c$5%kyx5f>NOBE|@BDh+5~_`Rcf0p_o7L%J
zIEHum`;XP41jr|qoe68>r>%D%sV5}vI0DcxB_$&<1?bfl&rONtq6EI0V&`{IciU!_
zXG|`3eRmu;L=fD_b-`;u|E%yPHCzGPx2HMCj_OT@W>-Y@P(wDRMh%Ol5WlLy9Un33
z@IC~T6!R_}1&*0~9|fQP%8&1kJyJNue6PsLGPx-nP8~mveTLWis;M(V>CVQdY{}fN
zaFOaHK~CqH6)<u873usFdvbUvvm!5{y@O<!vLpD<hWzkOXlNXJwkyDf5O>7Lz<?G1
znkT21r<c$|ihuZ1a`O4*Xpe=Idfpb=HA~K*bUg2~r-3p$yO_!_#iDYamDrvKG%H{A
zaU32Iy&)!R^a)XtrzitErbnNYkPDTuoL0yPnwAVpgGx22WW#!>D>aXVp9o<d3M)C*
zFQWv-PeE<UMPosUh2b|rmCa_7bA74l+6X(}DJ16<D4&W9vEF0lwSg+=DVoU{IByX0
zAE+fo_mr4ssx|q2ubV^4dHX!P&rg1>{TzuRAzpqu-!2H@&JcP!TPhH4^Sj$!+b4<i
ze7sNUzrA01zT$rN99Xb_It*ZbJ`?WWS8q39y}~x6$0d|$%|-l<JI|?v{!s0i<>hv-
zQG-ZkzYN~pvl*|sWScxvn7PlN+m+I^F5e_h$%YD-n!T>{(%M2vY<)k`UF=qo7^JT6
zR5%G&Q7jXYELh?T`|XPs6L%jGLma`>R$ogX&?%>BQOm7D&W^*7XPDsqPf97!K#Uq=
zM2DO!M-tI)q%%hx@y|S|rX29MfTTdTF-M=I*x|>00v45{>@afgp&BVjmMEpK;hm&}
zn`EMCObyJB;c5cArw<v6bPwy$Y$Ilmnu)Aced8P_Oqo}?4%2I_P=rU6smks@D{y0`
zwdt{_Z@j87G9#k!c&|Ox0LPH>zW4v@?p)wv+WI~&PaGoAag<yt8BsK|_u4aia!R6!
zbm%n-N0K6iNV%n}hoXyfTsk$*Nx4PJCBhN9I8>s?>6jelQVC&HQd7FuyY@`E%>KXU
zdEWQ)c|Py^dHGDU=D*ioYyH+<dwu`=_TT*$@Xh+75^qZ9J8U@<zue3^J=J&ELA!mG
z+T%~_>1>}HV^C}yp)|?9w!xYHF}|R2;ITDJ)mLe+Y*W8_+@P2-_|3A8v)fmto%D46
zJ`e4cSJfwN9lr8s_3zEB?~dvB{RHcUL*3tP2rUaf7!tYlTkTri3x5Vyzg?JlR^-h2
zwR?Th<3knRPc0sqW~{sJdA7{Z>PW!DMV!s84z(Rq*WSD;bDA&WhatIXNL$l0$L}>O
z|1mhaBGytEyVUT|#VzYcEOT6qZPX#xTuY(TQlpHO3plNg^Q-t_7gG)_O?7lyK2sQP
za_7VxCyszIbx15z3wCV~IHlXi2H4|h60tSn6XoJq?**K8$Ezny9-W-?A;r($sirw&
zlG2bgXXv=CK?iOaMwy9C^(H<apKADSa>#@s2LBj-w_r)sevc2SZc*_&oSeF))oXok
zk$K<U6#HI0pQ^EZkLN45l#Iy53%=py<De9dPnVua(bj!oUj6!2_1r&i3{CrGWMHb9
z>n|odh{Su6w+$y!Omts73QC#g>Ns*wy?3_bVQ%V>e1Cy!YLSl9fSH-A<R@B#t|oKu
zy|S0L`Z>7%a!>NA;Y3BT1TVN6Bx`Ow@hE7unQNP6uuR~3tx!VM4Z9Q{7CEEIKIo?m
zPQA^hWsQqA&2OBu$)>}(V_t`~ze&gb&EEt@kJ<F~)t{G?a5CC`N@F^sEH~3m)z{Q_
z`)@h-ux#nsYVFa_A8qU0Aa6TozafmSX&TjaWobgCVPe7~9F~X4Cve?Wq~o$<rbRsW
zR#o929AWOoR?;PVu*(jk%++#_Ye6HGxlR^Jd>vd*-jm20Jf0Ry@S-+GPVuY421ZWY
zJxP_kDlvO<40pbIZM)m0y50A)^_ScZ@fy>9baRb7f0|E?{M9s{cOU=M%4@iN?u43J
zZQ?BDpWl;krj`3@_qj0Kv@=ua@8hp&_xJby;rzm`O)-~KOx+?pU$04yf9l{eaHa*i
zT9jNUQ5YLIhs|71GHZ2mUN^QLGj$7-93n+nn)WXLdF$)sqD41{7QM2^ZM1jwOK&|8
zl>JmHIdq5{YUcXTGWd?bHN8->*}*mao}{M1qpVosE$3VhvZDvajJerzG$8c*GGF`W
zk#92Jq`f)zCiYE4%axXdmYwe%Ta2nrK8*PG&4h+%fz!a>(=J!Vh1bx{A$iSW+=CnE
zWJkxJnUZzGBKKkpKj(d5iuULikE&nmgmRsBtYF$7qShj|G|9i%`dsJl*f!JR`Vfou
z@MkhdzOetLfiD*AOkPm;V1U}X{1#57%+U!OC%q^MPnIX<mtL+kHyM&+Ol}GGAEJ?4
z6lk)dB;xgv*&Uh2XiEY%<rM`^T~QJ>YmA8NW`8rXAhRH?;8;OyK}5zC{{-RA4UVUb
zOigyhwN{_3U%SJ>McXyHQnR=;?fu608r={0g!-l8U*DZvXIJ-Ygj#Lp+4gPm<-WuI
z_IR!C@cq>;I>eC#*;nB&173>;c$FOR%sFTwE5pXQdO1fdWMgy{sZ$m*7iH?ag)Bjt
z%CL}S4KY08;+ojmSDw`TZSHo#>W*<ZWuZvTz$r^b${nYsDN;M+N%-2OTJ10LiGFoj
z=f91z+c4~&&ZH6H!z;BdhtWE9UndVerxCu=Bk!5}S4}^5>a^MU47-z-*Ay37(^%W2
zxl`>_n%w}eWS>HZipGWeb^n-G5qDT#T|16Aa&_0!mAU;M<O%ys-ZDR+K3W=6F3|ql
zFG-U;r|Y@wnK}LX*{9s^90J;B4}Rm_|5=Q!k71<RI%!Lu%+AMXpjvH1<8w)}an{Ch
z{V&<Q&^cwCwN;Ul;8dW}mSUV0s<h$M&T;CO2K{+_`?U|p-#*@(y4FgXJ^TE`;{)Q}
z0Gp(k&U$h@bHsD!lSJ_q?aXH-?UwG-QLyQ6=S%`_&l>D?(udP7i!YZC>-*R_VR+7R
zOPPy4apY&YPL8{!EEp&8rdVkyOHig(S<14MDKAS|nLgeCmzQ;<HYGKOD!Mowr<@e2
zYfVY?LPhFkQ_@yt>TXlgm4#v3x5xtO?Mq_Ho$)A0s$W|Y(`9MZ|5AmSdc0>%(Z#>s
zEM+z!Z6})#|5P$AxX@-x+X!!s<Mff-?Krh=@bPG0buUSbWcfzjtbUySmr8i02DWw9
zk!lH@xBE)pxR36Ot1~T)DG%3XDz?X|UD|yg^K0_b+#CY*=M46W$>+K|1Q;n&X*d-x
zQrK2F1RPeR(s1fH9;iC$Iyw7rpNvrS&H+o=*%8FE+Okt0hKRpC74a}yJ(`SK9{FQL
zV01|&8Zaw-YWgvEub*?)>sbXCU!QSzZA!L>-nYSn%H`GT3=NNTCg!xn7mm;3j_-e|
zm=4|fa}vEPcl!suwyGMty1|iZwTG-qy=;9n6+@<9tzDgFWS^_%=hYT>Mtw-4cjs=O
zusYRMn%MYmpY9*y=Qgc<98*4)8GI=r^8=;V&D^KQP=BVaaR_*VTQ0f0DCZ2`uF75P
zoTcmsW$HXuqeDC^n^83;Yy4kJSXUfxv!=ncD77=hiZ{3EZgZAtndz|~ZWN1u?b}^^
zT|cC?C25I>TNc{sSO1~@N%PzA@9&l`3n`F<Nkrv#MTG}yhp*vwtRE^7&?!eH8q-sZ
z_Z1m5h(&(ZN7K(dx%^doVbR>-t4;h93fG>_4YdmGcv2A>6wsFRyK!elVVkEUxV@u;
zZc3HAo@=Ywb4CAfV)nL>uEzKG<n75;R$W2fiNT#M^|D({X}4chU)H$!Q%Pv&Tbcgh
z?4Y*S`#<~<dULUUqLrm(P+oUO{jKJlu7(lGA?+P|che3P!2vBr$+zncPs<)H*E8=*
z)2gco_79N1Fsj=Z+Ok(mx3a$Y`fIKB=Dml@JDY~#+q2SQx}LXQcMZ8|8NAB!>C5EZ
zR#qX+^{p2xy5AdhwLhwJ%?u3c?zrU{>M!pqYj!xC(7t15aY#!`OYy2ViPej8IvSgE
zMnC0uFRJdkn~~t=Gd1Fjw>Yz-bjbyd$JbR=KXtBJOLzK+Yva0IHl$b26<BY*d?%z&
zX>0eq?yVnkV!9LB>mG!9c3q$4cX7+s+3)(_>9kxQc;mp7-5;{mokuqB+K|2=-uvi;
z!1y~SSEP?R=v~Zd_q>z8F#W|(-u*a%)SXv$=}!B+D~+713*zYXZ+`F|X5@UOAkHNH
z&q#0Uan3sn;>M)M?(+6Ebap5R`6^xO?=@Nm!R=B9Zty#4s9A8OG;K=o18K$N;M-EI
z$-&p8R;Fdgq<NFdVx>(J%Oa$liDiLOC*!j9((nmoZqmz~GDm6E__A5jhH+;nO2>^m
zJ4z}xJUc|X!yrLTe4e|xQCx23^jbXFjQ?0Xb;{<O;%rl=%i<an{wcAZ$v5%h*^`=n
z5O10I=XP<D@#T$T>4ex-;<E9gS>i$CIa9^vM*XIUJ;zn)i(?J*w8gg!PV{TYbDfr3
z*zDV?JGsKEsyHR+{!dyzG;}&lE4))ewnlI&;$Ft=4T{{aHNK&2#x&ysQ}1mTCv$_U
zEYD<)jlB}rK+Z3(zjK=2W;B7D`m%F>=EMD0rZi~VB(_vpFHPKAb-^idLY1LIV%E$3
zvlAU(s?BH!u)D$;6!+56&(>~V(jPwEhu74&*yD(0tHWb_47$gj3vG|@?&tVK5DuOg
zRX$0rctp<`KY+(PMa?td^O@%sRsSQzJao<EVV3_ZpD#<GNfJN2`ROAN&^WFq6GK#4
zD)X)Ut;mJzVRA4}72^1xJ$ae*m!<ap`qXA+N?B5`qTX-Ds$7DE%)``-CgykV+W6bW
z;M3EZ)Ti^taPKhdD?W<Sm|B=$%s2C4O8r+pj0V1tIYq7f|4H{3+Hr}!J;mf;N*3bU
z{#kFCQ%uRqGJ9)K)Y#iP{G@qrD?g?1^NM&aK3>+7>dlS6mHnnz)}vBcF1CExdmqE8
ze(Jr?6*6h%cKE#KlsS4zRMf__PT4Xh-{;E};{x}Eq7ObBCrln?UZrk!KPh{J+4jmY
z_222G&$sQD{lwJM+n35#Gvnd&o?_C<8kv-$odT6!W5lZLk)Jg8j<`<>l}bPLk+P@0
z{L8HMsSITcdix9-8@+90)?xA~d-1P(N?HErdsFW==>1mic}%{Kd*7Gig%xRHvDjl3
zcfsla4;=D=<}PwJAaFcqCKRwTR5UJ0%w?iP8z|yIaP4fIEs%(!ZD?ysKni#wTZ))r
z!?&eHBGMY!SQ9gC_|yJ*4qX0!9sE~Fsl@)}KirzRXyfSH_440mFBEM${Umm7IGG;1
zr)IxkPC-=76wyN4uzfDJVNokj?-?!<96eJLJEi)=#>A4=7Z&=j_ZBt#cC}?@i{@`z
zvv$EY+AOMDch4lwNEflsdb{Gt#f!!K%%n$04!qL5a4ISM>RUI?lqazd9yrcR9qkf(
z+E?>j-t48}ruJR>x=thOsB`a54~WYbpW5BFctqiHbMJ_%`+ZE^`<>Yn`^Nyy3mSUI
z2QJKeyI9l7E9#Zkt~HmYYc4tV&BGf@7Jps6eBGJdn=hz6ygk-y=flzg>n;ow*alv@
zwW@Tu^YV?}kwZ%LoZXzgch+7QGu8d8nuvL&0~0O`+G49y6IFI$)Q|bgO22Mj?o+cn
z`2IKT$43pBuC-|vx6wwwG2dD^G}xCn#M)|fRF`n{?#cm!Z_F2JOWX~9{LNQ5;`WN6
z^Ku6YM;cc;9@<gttM_~ENZ}|?H{S2R4LuYs=MBHLVVYTPzYJX+H=)^YSs9}xZtCZ@
zyZpz4+P==m&l_vtKQp7Mc^dSyfTt1nGe**t3!m<I;yWteeek>7F&U$_R*v0s%RWQv
zMSY)lw{5<=vGZWq9sdCf-t)%h8TpUiTWM$U_vHHFC*4dEf7@iS+mrZP(TWMnZbTmp
zPvd=cv0h_Y{^^6!CG~pcxug6?`Bb`O?ri31=|2med?P3*Osjt2wEP)CQAPD5vvYMg
zDb=^=7QKo}=Z@`l^+qEqJv+i&>j#D0_F25g>b*`^u2svZ%Pl2ZZ(ZL$J{5XDXX3I;
z#2Q`xp64RX<Gb$Xym4*hw&`?6cZs@>;idoAf9n5_8<{VvVDwI0X6tBntt?qmQZ;ta
zoB$_D<GUrp?fWb~`ce&aQ~dorR%vSR@GKz2Up@bDq<8_JkN5`6qFx)GLYRLB>p$8E
z5@Sf!Cd7V+ijCr7k3hvn6D*s6C%}`<m-+C-h9_+m8_BLiz-I!asN@sSthNY*=B)B)
z9*#_+vMx=Uv)V^fG$!|#b<i}sULFsJ)nNA@_PSVoYR<Nim>R12NbFm&Y?vJ^8}_+a
zHVUxu0UNN*Nk9jVqr<KP(18FQ2+)B59hj-CIuM`(k5G0#KnDVJAV3EKbWnf}3eZ6T
zIw(K~_8D1irT`rjpo0Q*P=F2!(7^|E@BtlsKnEYt!3T8k0Ug-GWa;GtI{1JN9F&H&
zE{==BwgEZ>fDSyru-652;Q4@^575CJJE`t(0ziiV&_M$_@O;H856?Ml8=!**bkKkf
z8qh%lI`HuTyIw$t5YU0=XV$txK!*^}fsfYM>jFB2fDR#`LkQ@=$CRu(aFiXk4bZ{7
zGedQon*%z`0UhRm4$LEVd4LXcKnG@&>be9bG~343LGai*2p(Gp!DH(ncx)X6kFA5?
zv2_qQ+7!EefDX)6RzBt&gG%2MI2;$-2IwFF9XN^-dtE>Wz;l8CbYP!`RUW`|9B&WE
z2k5}T_}JwEI<Ozc&IjlKcuoL3$1mk!mk02i0C-LSJSPC269CU~6f&S*KnK8c0^m6g
zoy9H>;5h;CoB()E06fP5s(?BG9RSY>fae6ja{}Nw0q~pvcuoL3Cjg!k0M7}4=LEoW
z0^m6T@SFg6P5?Y71i=0Q@SFg6P6&YQ0q~p<0OJbaIRWsT0C-LSJSPC269CT%8raVP
zo)ZAi34rGWz;goNIY9&a2f%Xz;5h;CoB()E06Zsz!2SX797i`~?^^)R34rGWz;hh?
zj$IzWa{}Nw0q`7$_yfuV#+5ms1K>FU@EnILWz~V-oCes~{2&3IlK{_2fafH@a}wY=
z6FpLuJtRKfXW0OrlK{_2fafF*M9D6Xy`Pf+&q?511_|(-1b9vYJSPF3lK{_|v)8OP
z13V}3g%EZ=_P8QR_P8Peo|6F2Nr2}hz;hDdISKHb1b9vYJSPF3lL*iO@SFsAP69k9
z0iKfp&q;viB*1eL;5i8#pOXO3Nr2}hz;hDdISygW9tQx=Nr2}hz;hDdISKHb1b9vY
zJSPF3lK{{0wE?ycfaf@zGmsD1&jFs30MAK)=On;$65u(0=^(o;0MAK)=lI=~z`B4A
zfafH@a}wY=3Gke`QpTD$0G^Wo&zbY5taSmNlK{_2fafH@a}wY=3Gkc*cuoR5$L|Sc
zw;A9$3Gkc*cuoR5Cjp+5!0|Z=@SFsA&YVM5?Pmn=905E>!0|Z(c#Z&`BY@`!;5h<#
zjsTt`faeI{IRbc&0G=a&=Lk4HM*z<ez;guf905E>0M8M?a|G}l0X#<l&k?|L1RS3u
zfaeI{IRbc&0G=a&=Lq0A0(j0`!)A?BfaeI{IRbc&0G=a&=Lq0A0(g!9p5tK9>^1{D
zM*z<ez;guf905E>0M8M?a|G}l0X#<l&k?|L1n?XIJVyY}5x{c<@SF((&l(2+&k?|L
z1n?XI$L9#(IRbc&0G=a&=Lq0A0(g!9o+E(g2;eyaj?WRma|G}l0X#<l&+#L&?7jzh
zjsTt`faeI{IRbc&0G=a&=Lq0A0(g!9o-_BPu*Ma@a|G}l0X#<l&k?|L1n?XIJVyY}
z5x{c<@EpGcgQblEcuoO4rvRQ)0M99a=lJ1jpkDTQ1`6Ogb3I;ldr$z+DS+n`z;g=V
zIR)^X0(edVJf{GjQvlB?faesza|+-&1@IhS+E?ipd<Fo|&tG2i$4B;<WvVvCU1DF{
z8-S0*@f@a-54%X8**5vPt@ift)6~H4TJO0ROZe};0ZaLyy_?@A<((h+SXn@8YH&Cr
z2V4BU^`5&yc$ymj8*StMho8q514Wa#%nfQdj(`C^DM9o^2l&`%>=X(4J&m@-_np~@
zY|L#);S8EKpTQGQLi3q?o`@FO@<}0SYlCy(`_6ib#>cUr6^+kSsq_c-t!P0{(UdJA
zw6(#vy@@Dm;b&!F-|h1<XiBvV?37bIW%S-Z^Z$9jVQzJ1%_o2#OaXo{1^B`Ejzpk5
zHXkX#52gS=m;(G@3h;v|zz?PXKbQjiU<&YqDZme=06&-l{9p?3gDJodrT{;f0{me7
z9u;<<0)8+B_`!G%Q&|_EdBl2E=QbXmQ&nw@Kd)*NVBc8PW{&IlXk*VkeDW{mMM}iS
zr{4Isl#n891eA@n%}mmI2A@ZWtZ8DVt@$*If0{%2Hn5GGK29<C9GyAwug#19{<if_
VUbso0O+2{ER3{!xN%NjY|0jpJINAUJ

literal 0
HcmV?d00001

diff --git a/src/UglyToad.PdfPig/Parser/FileStructure/XrefBruteForcer.cs b/src/UglyToad.PdfPig/Parser/FileStructure/XrefBruteForcer.cs
index d7b46448..b038f162 100644
--- a/src/UglyToad.PdfPig/Parser/FileStructure/XrefBruteForcer.cs
+++ b/src/UglyToad.PdfPig/Parser/FileStructure/XrefBruteForcer.cs
@@ -16,6 +16,9 @@ internal static class XrefBruteForcer
     {
         var results = new List<IXrefSection>();
 
+        // Guard against circular references; only read xref at each offset once
+        var xrefOffsetSeen = new HashSet<long>();
+
         var bruteForceObjPositions = new Dictionary<IndirectReference, long>();
 
         DictionaryToken? trailer = null;
@@ -131,6 +134,14 @@ internal static class XrefBruteForcer
                 ClearQueues();
 
                 var potentialTableOffset = bytes.CurrentOffset - 4;
+
+                if (xrefOffsetSeen.Contains(potentialTableOffset))
+                {
+                    log.Debug($"Skipping circular xref reference at {potentialTableOffset}");
+                    continue;
+                }
+                xrefOffsetSeen.Add(potentialTableOffset);
+
                 var table = XrefTableParser.TryReadTableAtOffset(
                     new FileHeaderOffset(0),
                     potentialTableOffset,
@@ -152,15 +163,22 @@ internal static class XrefBruteForcer
             {
                 ClearQueues();
 
-                if (!lastObjPosition.HasValue)
+                if (lastObjPosition is not long offset)
                 {
                     log.Error("Found an /XRef without having encountered an object first");
                     continue;
                 }
 
+                if (xrefOffsetSeen.Contains(offset))
+                {
+                    log.Debug($"Skipping circular /XRef reference at {offset}");
+                    continue;
+                }
+                xrefOffsetSeen.Add(offset);
+
                 var stream = XrefStreamParser.TryReadStreamAtOffset(
                     new FileHeaderOffset(0),
-                    lastObjPosition.Value,
+                    offset,
                     bytes,
                     scanner,
                     log);