PT-2023-19791 · Pdfio+1

Cyberitech · Published 2023-02-07 · Updated 2023-03-24 · CVE-2023-24808

CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: PDFio versions prior to 1.1.0
Description: A denial of service (DoS) issue exists in the pdfio parser. A crafted PDF file can send the parser into an infinite loop, so the process runs at 100% CPU and never terminates. The problematic PDF is about 28 KB in size and was discovered via fuzzing. Anyone using pdfio, either as a standalone binary or as a library, can be affected when attempting to parse such a file. Web servers or automated pipelines that rely on this code to turn uploaded PDF submissions into plaintext can also be affected when an attacker uploads such a PDF: each affected request ties up a worker indefinitely, so repeated uploads can exhaust the service.
Recommendations: Upgrade to PDFio 1.1.0 or later, which fixes the issue. Where upgrading is not immediately possible, do not parse PDF files from untrusted sources with the unpatched version, and keep the pdfio-based steps out of automated PDF-processing pipelines that accept external uploads until they run the fixed release. No other workarounds are known at the moment.
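Until the fixed release is deployed, a service that must keep accepting PDFs can at least stop a non-terminating parse from pinning a worker forever by running the parse step in a child process with a hard CPU-time budget. The following is an added example, not pdfio's code and not part of the advisory: it forks, applies RLIMIT_CPU in the child, and maps the child's fate back to a result the caller can act on. The two parser callbacks are stand-ins (a trivial header check and a deliberately non-terminating loop that models the reported failure mode); in a real deployment the child would call the pdfio entry point your service uses, such as pdfioFileOpen(), instead. The sample byte strings are constructed and are not real PDFs.

```c
/* Added example: run an untrusted parse under a CPU-time cap (POSIX only). */
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/wait.h>
#include <unistd.h>

typedef int (*parse_fn)(const unsigned char *data, size_t len);

/* Outcome of a guarded parse, as seen by the parent process. */
enum parse_outcome {
    PARSE_OK = 0,        /* callback returned 0 */
    PARSE_REJECTED = 1,  /* callback returned non-zero (malformed input) */
    PARSE_CPU_LIMIT = 2, /* child exceeded its CPU budget and was killed */
    PARSE_CRASH = 3,     /* child died from some other signal */
    PARSE_ERROR = 4      /* fork/wait/setrlimit failure */
};

/*
 * Run fn(data, len) in a forked child whose CPU time is capped at
 * cpu_seconds. The kernel sends SIGXCPU at the soft limit and SIGKILL at
 * the hard limit, so a loop that never makes progress is terminated even
 * if the parser happens to ignore SIGXCPU. Wall-clock stalls (e.g. blocking
 * I/O) are not covered by RLIMIT_CPU; pair this with a wall-clock timeout
 * if that matters for your service.
 */
enum parse_outcome parse_with_cpu_limit(parse_fn fn, const unsigned char *data,
                                        size_t len, unsigned cpu_seconds)
{
    fflush(stdout);                 /* don't duplicate buffered output in the child */
    pid_t pid = fork();
    if (pid < 0)
        return PARSE_ERROR;

    if (pid == 0) {
        struct rlimit rl;
        rl.rlim_cur = cpu_seconds;      /* soft limit: SIGXCPU */
        rl.rlim_max = cpu_seconds + 1;  /* hard limit: SIGKILL one second later */
        if (setrlimit(RLIMIT_CPU, &rl) != 0)
            _exit(127);
        _exit(fn(data, len) == 0 ? 0 : 1);
    }

    int status;
    if (waitpid(pid, &status, 0) < 0)
        return PARSE_ERROR;

    if (WIFSIGNALED(status)) {
        int sig = WTERMSIG(status);
        return (sig == SIGXCPU || sig == SIGKILL) ? PARSE_CPU_LIMIT : PARSE_CRASH;
    }
    if (WIFEXITED(status)) {
        switch (WEXITSTATUS(status)) {
        case 0:  return PARSE_OK;
        case 1:  return PARSE_REJECTED;
        default: return PARSE_ERROR;
        }
    }
    return PARSE_ERROR;
}

/* Stand-in parser for a well-behaved input: accepts anything with a PDF header. */
int parse_well_formed(const unsigned char *data, size_t len)
{
    return (len >= 5 && memcmp(data, "%PDF-", 5) == 0) ? 0 : 1;
}

/* Stand-in for the reported failure mode: a parser loop whose exit condition
 * is never met. The volatile read keeps the compiler from removing the loop. */
int parse_never_terminates(const unsigned char *data, size_t len)
{
    volatile int spin = 1;
    (void)data; (void)len;
    while (spin) { }
    return 0;
}

/* Constructed sample inputs (not real PDF files). */
const unsigned char SAMPLE_OK[]  = "%PDF-1.4\n%%EOF\n";
const unsigned char SAMPLE_BAD[] = "not a pdf";

int main(void)
{
    printf("well-formed:        %d\n",
           parse_with_cpu_limit(parse_well_formed, SAMPLE_OK, sizeof(SAMPLE_OK) - 1, 1));
    printf("rejected:           %d\n",
           parse_with_cpu_limit(parse_well_formed, SAMPLE_BAD, sizeof(SAMPLE_BAD) - 1, 1));
    printf("never-terminating:  %d\n",
           parse_with_cpu_limit(parse_never_terminates, SAMPLE_BAD, sizeof(SAMPLE_BAD) - 1, 1));
    return 0;
}
```

The third call returns PARSE_CPU_LIMIT after roughly one second of CPU instead of hanging, which is the property the workaround needs: a malicious upload costs one worker one second of CPU rather than the worker itself. Isolating the parse in its own process also means a crash in the parser cannot take the serving process down with it.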

Tags: Exploit · Fix · DoS · Infinite Loop


Weakness Enumeration

Related Identifiers

CVE-2023-24808
GHSA-CJC4-X96X-FVGF

Affected Products

Debian
Pdfio