PT-2024-21182 · Xhtml2Pdf+1
Salvatore-Abello · Published 2024-10-08 · Updated 2024-12-18 · CVE-2024-25885
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
xhtml2pdf version 0.2.13
Description
The issue allows attackers to cause a Regular expression Denial of Service (ReDoS) by supplying a crafted string to the getcolor function in utils.py. This can be exploited by providing a specifically designed input.
Recommendations
For xhtml2pdf version 0.2.13, consider disabling the getcolor function in utils.py until a patch is available to prevent potential ReDoS attacks. Restrict the input to the getcolor function to minimize the risk of exploitation.
Fix
DoS
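An input-restriction wrapper of the kind the recommendation describes, added here as an example and not xhtml2pdf's own code: it caps the length of a color string and allowlists its shape before the string reaches getcolor. The length limit, the allowlisted forms and the function names are assumptions for this example.

```python
import re

# Constructed limit for this example; xhtml2pdf's getcolor parsing is not reproduced here.
MAX_COLOR_LEN = 64

# Anchored allowlist with bounded repetition and no overlapping alternatives, so the
# check itself runs in linear time and cannot be used to reintroduce a ReDoS.
_HEX = r"#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})"
_NUM = r"\d{1,3}(?:\.\d{1,3})?%?"
_RGB = r"rgba?\(\s*" + _NUM + r"(?:\s*,\s*" + _NUM + r"){2,3}\s*\)"
_NAME = r"[A-Za-z]{1,20}"
_COLOR_RE = re.compile(rf"^(?:{_HEX}|{_RGB}|{_NAME})$")


def is_safe_color_input(value, max_len=MAX_COLOR_LEN):
    """Return True only for short strings that match the strict allowlist.

    The length check runs first so an oversized input is rejected before any
    pattern matching takes place.
    """
    if not isinstance(value, str) or len(value) > max_len:
        return False
    return _COLOR_RE.fullmatch(value) is not None


def sanitize_color(value, fallback="#000000"):
    """Return the trimmed color string if it passes the allowlist, else a fallback.

    Intended to sit in front of the getcolor call (hypothetical wrapper): untrusted
    document styles are reduced to a bounded, well-formed value or replaced.
    """
    candidate = value.strip() if isinstance(value, str) else ""
    return candidate if is_safe_color_input(candidate) else fallback


if __name__ == "__main__":
    # Constructed sample inputs: two well-formed colors and an oversized string.
    for sample in ("#ff0000", "rgb(255, 0, 0)", "x" * 200):
        print(repr(sample[:24]), "->", sanitize_color(sample))
```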
Affected Products
Debian
Xhtml2Pdf