CVE-2023-36464

2023-06-2722:15:11

Debian Security Bug Tracker

security-tracker.debian.org

pypdf

pdf library

security issue

upgrade

code modification

pull request

infinite loop

user input

unix

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

19.3%

JSON

pypdf is an open source, pure-python PDF library. In affected versions an attacker may craft a PDF which leads to an infinite loop if __parse_content_stream is executed. That is, for example, the case if the user extracted text from such a PDF. This issue was introduced in pull request #969 and resolved in pull request #1828. Users are advised to upgrade. Users unable to upgrade may modify the line while peek not in (b"\r", b"\n") in pypdf/generic/_data_structures.py to while peek not in (b"\r", b"\n", b"").

OSVersionArchitecturePackageVersionFilename
Debian12allpypdf< 3.4.1-1+deb12u1pypdf_3.4.1-1+deb12u1_all.deb
Debian999allpypdf< 3.17.4-1pypdf_3.17.4-1_all.deb
Debian13allpypdf< 3.17.4-1pypdf_3.17.4-1_all.deb
Debian12allpypdf2< 2.12.1-3+deb12u1pypdf2_2.12.1-3+deb12u1_all.deb
Debian11allpypdf2< 1.26.0-4+deb11u1pypdf2_1.26.0-4+deb11u1_all.deb
Debian999allpypdf2< 2.12.1-4pypdf2_2.12.1-4_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	pypdf	< 3.4.1-1+deb12u1	pypdf_3.4.1-1+deb12u1_all.deb
Debian	999	all	pypdf	< 3.17.4-1	pypdf_3.17.4-1_all.deb
Debian	13	all	pypdf	< 3.17.4-1	pypdf_3.17.4-1_all.deb
Debian	12	all	pypdf2	< 2.12.1-3+deb12u1	pypdf2_2.12.1-3+deb12u1_all.deb
Debian	11	all	pypdf2	< 1.26.0-4+deb11u1	pypdf2_1.26.0-4+deb11u1_all.deb
Debian	999	all	pypdf2	< 2.12.1-4	pypdf2_2.12.1-4_all.deb