Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-36807

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-30 Jun, 2023 | 18:38
Updated At-06 Nov, 2024 | 19:51
Rejected At-
Credits

Infinite Loop when reading malformed objects in pypdf

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:30 Jun, 2023 | 18:38
Updated At:06 Nov, 2024 | 19:51
Rejected At:
▼CVE Numbering Authority (CNA)
Infinite Loop when reading malformed objects in pypdf

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details.

Affected Products
Vendor
py-pdf
Product
pypdf
Versions
Affected
  • 2.10.5
Problem Types
TypeCWE IDDescription
CWECWE-835CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Type: CWE
CWE ID: CWE-835
Description: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
Metrics
VersionBase scoreBase severityVector
3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
x_refsource_CONFIRM
https://github.com/py-pdf/pypdf/issues/1329
x_refsource_MISC
https://github.com/py-pdf/pypdf/pull/1331
x_refsource_MISC
Hyperlink: https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/py-pdf/pypdf/issues/1329
Resource:
x_refsource_MISC
Hyperlink: https://github.com/py-pdf/pypdf/pull/1331
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
x_refsource_CONFIRM
x_transferred
https://github.com/py-pdf/pypdf/issues/1329
x_refsource_MISC
x_transferred
https://github.com/py-pdf/pypdf/pull/1331
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/py-pdf/pypdf/issues/1329
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/py-pdf/pypdf/pull/1331
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Vendor
pypdf_project
Product
pypdf
CPEs
  • cpe:2.3:a:pypdf_project:pypdf:2.10.5:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • 2.10.5
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:30 Jun, 2023 | 19:15
Updated At:10 Jul, 2023 | 16:32

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In version 2.10.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop. This infinite loop blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. That is, for example, the case if the user extracted metadata from such a malformed PDF. Versions prior to 2.10.5 throw an error, but do not hang forever. This issue was fixed with https://github.com/py-pdf/pypdf/pull/1331 which has been included in release 2.10.6. Users are advised to upgrade. Users unable to upgrade should modify `PyPDF2/generic/_data_structures.py::read_object` to an an error throwing case. See GHSA-hm9v-vj3r-r55m for details.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Secondary3.16.2MEDIUM
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 6.2
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches
pypdf_project
pypdf_project
>>pypdf>>2.10.5
cpe:2.3:a:pypdf_project:pypdf:2.10.5:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-835Primarysecurity-advisories@github.com
CWE ID: CWE-835
Type: Primary
Source: security-advisories@github.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/py-pdf/pypdf/issues/1329security-advisories@github.com
Exploit
Issue Tracking
Vendor Advisory
https://github.com/py-pdf/pypdf/pull/1331security-advisories@github.com
Patch
https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55msecurity-advisories@github.com
Exploit
Mitigation
Patch
Vendor Advisory
Hyperlink: https://github.com/py-pdf/pypdf/issues/1329
Source: security-advisories@github.com
Resource:
Exploit
Issue Tracking
Vendor Advisory
Hyperlink: https://github.com/py-pdf/pypdf/pull/1331
Source: security-advisories@github.com
Resource:
Patch
Hyperlink: https://github.com/py-pdf/pypdf/security/advisories/GHSA-hm9v-vj3r-r55m
Source: security-advisories@github.com
Resource:
Exploit
Mitigation
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

51Records found
CVE-2019-1000020
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-4.89% / 89.38%
||
7 Day CHG~0.00%
Published-04 Feb, 2019 | 21:00
Updated-05 Aug, 2024 | 03:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libarchive version commit 5a98dcf8a86364b3c2c469c85b93647dfb139961 onwards (version v2.8.0 onwards) contains a CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in ISO9660 parser, archive_read_support_format_iso9660.c, read_CE()/parse_rockridge() that can result in DoS by infinite loop. This attack appears to be exploitable via the victim opening a specially crafted ISO9660 file.

Action-Not Available
Vendor-n/aFedora ProjectCanonical Ltd.Debian GNU/LinuxlibarchiveopenSUSERed Hat, Inc.
Product-enterprise_linux_serverubuntu_linuxdebian_linuxlibarchiveenterprise_linux_workstationfedoraenterprise_linux_desktopleapn/a
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
  • Previous
  • 1
  • 2
  • Next
Details not found