Source: ubuntucve (Ubuntu.com)
ID: UB:CVE-2023-36464
Published: Jun 27, 2023 - 12:00 a.m.

CVE-2023-36464

CVSS3: 6.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS: 0.001
Percentile: 19.3%

pypdf is an open source, pure-python PDF library. In affected versions an
attacker may craft a PDF which leads to an infinite loop if
__parse_content_stream is executed. That is, for example, the case if the
user extracted text from such a PDF. This issue was introduced in pull
request #969 and resolved in pull request #1828. Users are advised to
upgrade. Users unable to upgrade may modify the line

    while peek not in (b"\r", b"\n")

in pypdf/generic/_data_structures.py to

    while peek not in (b"\r", b"\n", b"")
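
Why the extra b"" in the workaround matters, shown as an added example that is not pypdf's own code: a binary stream's read(1) returns b"" at end of input, so a loop that only stops on b"\r" or b"\n" never exits once the data runs out. The function names, the max_reads guard and the sample byte strings are assumptions made for this illustration.

```python
import io

# Loop conditions quoted in the advisory text.
AFFECTED = (b"\r", b"\n")
WORKAROUND = (b"\r", b"\n", b"")   # b"" is what read(1) returns at end of stream


def skip_to_line_end(stream, terminators, max_reads=100_000):
    """Consume bytes until one of `terminators` is read.

    Returns (terminated, reads). `max_reads` is a guard added for this
    demonstration only, so a loop that would never end can be observed
    and reported instead of hanging the interpreter.
    """
    peek = stream.read(1)
    reads = 1
    while peek not in terminators:
        if reads >= max_reads:
            return False, reads        # still spinning: would loop forever
        peek = stream.read(1)          # at EOF this is b"" on every call
        reads += 1
    return True, reads


def scan(data, terminators, max_reads=100_000):
    """Hypothetical helper: run the loop over an in-memory byte string."""
    return skip_to_line_end(io.BytesIO(data), terminators, max_reads)


if __name__ == "__main__":
    # Constructed inputs: one line that is terminated, one that ends at EOF.
    samples = {"terminated": b"abc\nrest", "ends at EOF": b"abc"}
    for label, data in samples.items():
        for name, cond in (("affected", AFFECTED), ("workaround", WORKAROUND)):
            ok, reads = scan(data, cond)
            print(f"{label:12} {name:10} terminated={ok} reads={reads}")
```

Only the combination of the affected condition and input that ends without a line terminator fails to terminate; with the workaround condition the same input stops on the first read past the last byte.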

OS      Version  Architecture  Package  Version  Filename
ubuntu  24.04    noarch        pypdf    < any    UNKNOWN
