Lucene search

Ubuntu.comUB:CVE-2023-2241

HistoryApr 22, 2023 - 12:00 a.m.

CVE-2023-2241

2023-04-2200:00:00

ubuntu.com

vulnerability

podofo

buffer overflow

critical

pdfxrefstreamparserobject.cpp

local attack

public exploit

patch

vdb-227226

unix

4.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

A vulnerability, which was classified as critical, was found in PoDoFo
0.10.0. Affected is the function readXRefStreamEntry of the file
PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer
overflow. An attack has to be approached locally. The exploit has been
disclosed to the public and may be used. The patch is identified as
535a786f124b739e3c857529cecc29e4eeb79778. It is recommended to apply a
patch to fix this issue. VDB-227226 is the identifier assigned to this
vulnerability.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchlibpodofo< anyUNKNOWN
ubuntu20.04noarchlibpodofo< anyUNKNOWN
ubuntu22.04noarchlibpodofo< anyUNKNOWN
ubuntu23.10noarchlibpodofo< anyUNKNOWN
ubuntu24.04noarchlibpodofo< anyUNKNOWN
ubuntu14.04noarchlibpodofo< anyUNKNOWN
ubuntu16.04noarchlibpodofo< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	libpodofo	< any	UNKNOWN
ubuntu	20.04	noarch	libpodofo	< any	UNKNOWN
ubuntu	22.04	noarch	libpodofo	< any	UNKNOWN
ubuntu	23.10	noarch	libpodofo	< any	UNKNOWN
ubuntu	24.04	noarch	libpodofo	< any	UNKNOWN
ubuntu	14.04	noarch	libpodofo	< any	UNKNOWN
ubuntu	16.04	noarch	libpodofo	< any	UNKNOWN

References

github.com/podofo/podofo/commit/535a786f124b739e3c857529cecc29e4eeb79778

github.com/podofo/podofo/files/11260976/poc-file.zip

github.com/podofo/podofo/issues/69

launchpad.net/bugs/cve/CVE-2023-2241

nvd.nist.gov/vuln/detail/CVE-2023-2241

security-tracker.debian.org/tracker/CVE-2023-2241

www.cve.org/CVERecord?id=CVE-2023-2241

4.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2023-2241