PT-2024-36721 · Pdftools · Pdftools

Isumitpatel · Published 2024-12-17 · Updated 2024-12-20 · CVE-2024-56139

CVSS v4.0: 6.9 (Medium)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

pdftools versions up to and including 0.5.0

Description

The issue is related to a stack overflow crash caused by maliciously crafted ePUB files. This can lead to a system crash. Users are advised to avoid untrusted input to their systems to mitigate the risk. The problem has not yet been addressed.

Recommendations

For versions up to and including 0.5.0, as a temporary workaround, consider avoiding the use of untrusted ePUB files until a patch is available. Restrict input to trusted sources to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Fix

Stack Overflow


Weakness Enumeration

Related Identifiers

CVE-2024-56139
GHSA-HGVF-4PF3-FWC9

Affected Products

Pdftools