PT-2020-6937 · Pypi+3 · Pypdf+3

Martin Thoma · Published 2020-11-13 · Updated 2023-09-11 · CVE-2023-36810

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: pypdf versions prior to 1.27.9
Description: The issue is related to algorithmic complexity in the pypdf library. An attacker can exploit it by crafting a PDF that leads to an unexpectedly long runtime, blocking the current process and using 100% of a single CPU core. This does not affect memory usage.
Recommendations: For versions prior to 1.27.9, upgrade to version 1.27.9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the pypdf library until a patch is applied.

Related Identifiers

BDU:2023-07658
CVE-2023-36810
DLA-3497-1
GHSA-JRM6-H9CQ-8GQW
MGASA-2023-0254
USN-6280-1

Affected Products

Astra Linux
Linux Mint
Ubuntu
Pypdf