89 matches found
MGASA-2023-0254 Updated python-pypdf2 packages fix security vulnerability
It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpected long runtime. CVE-2023-36810...
Updated python-pypdf2 packages fix security vulnerability
It was discovered that python-pypdf2 contained a vulnerability whereby an attacker can craft a PDF which leads to unexpected long runtime. CVE-2023-36810...
Mageia: Security Advisory (MGASA-2023-0254)
The remote host is missing an update for the... SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Ubuntu: Security Advisory (USN-6280-1)
The remote host is missing an update for the...
USN-6280-1: PyPDF2 vulnerability
It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : PyPDF2 vulnerability (USN-6280-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6280-1 advisory. It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked...
Debian: Security Advisory (DLA-3497-1)
The remote host is missing an update for the Debian...
Debian dla-3497 : python-pypdf2 - security update
The remote Debian 10 host has packages installed that are affected by a vulnerability as referenced in the dla-3497 advisory. Debian LTS Advisory DLA-3497-1 https://www.debian.org/lts/security/...
[SECURITY] [DLA 3497-1] pypdf2 security update
Debian LTS Advisory DLA-3497-1 https://www.debian.org/lts/security/ Adrian Bunk July 14, 2023 https://wiki.debian.org/LTS...
DLA-3497-1 pypdf2 - security update
Bulletin has no description...
Denial Of Service (DoS)
pypdf2 is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause denial of service conditions by triggering an infinite loop in the readNextEndLine function of pdf.py via injecting a crafted PDF file, resulting in the current process being blocked due to quadratic runtime bloc...
document-sorter (=0.1.0), zonesmart-utils (>=0.4.0 <=0.4.1) potentially affected by CVE-2023-36807 via pypdf2 (=2.10.5)
pypdf2 PYPI version =2.10.5 is affected by a known vulnerability. The following packages have a transitive dependency on pypdf2 and may be impacted: - document-sorter =0.1.0 - zonesmart-utils =0.4.0, =0.4.1 Source cves: CVE-2023-36807 Source advisory: OSV:GHSA-HM9V-VJ3R-R55M...
PyPDF2 vulnerable to possible Infinite Loop when reading malformed objects
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such ...
GHSA-JRM6-H9CQ-8GQW PyPDF2 quadratic runtime with malformed PDF missing xref marker
Impact An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. Patches https://github.com/py-pdf/pypdf/pull/808 Workarounds ...
addpage (=0.2.0), amazon-textract-helper (>=0.0.2 <=0.0.30) +89 more potentially affected by CVE-2023-36810 via pypdf2 (>=1.24.0 <=1.27.5)
pypdf2 PYPI version =1.24.0, =0.0.2, =0.0.1, =0.0.2, =0.0.1, =0.1.1, =0.1.1, =0.2.0, =0.1.0, =0.0.1, =1.1.0, =0.9.0, =1.0.0, =2.0.0 - dftimewolf =20200608.0.0a0 and more Source cves: CVE-2023-36810 Source advisory: OSV:GHSA-JRM6-H9CQ-8GQW...
PyPDF2 quadratic runtime with malformed PDF missing xref marker
Impact An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. Patches https://github.com/py-pdf/pypdf/pull/808 Workarounds ...
pypdf and PyPDF2 possible Infinite Loop when a comment isn't followed by a character
Impact An attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if parsecontentstream is executed. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the...
3m (>=0.1.0 <=0.1.3), a2d-diary (>=0.1.0 <=0.1.5) +1653 more potentially affected by CVE-2023-36464 via pypdf2 (>=2.4.2 <=3.0.1)
pypdf2 PYPI version =2.4.2, =0.1.0, =0.1.0, =1.1.0, =0.0.0.1, =0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.2, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1, =0.0.0.1038 and more Source cves: CVE-2023-36464 Source advisory: OSV:GHSA-4VVM-4W3V-6MR8...
CVE-2023-36807 Infinite Loop when reading malformed objects in pypdf
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single co...
PyPDF2 security vulnerability
PyPDF2 is a free, open-source, pure-Python PDF library that can split, merge, crop and convert the pages of a PDF file. Versions of pypdf before 2.10.6 contain a security vulnerability that stems from an infinite loop, which blocks the process...