pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/py-pdf/pypdf/issues/582 | Exploit Issue Tracking Vendor Advisory |
https://github.com/py-pdf/pypdf/pull/808 | Patch |
https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw | Exploit Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2023/07/msg00019.html |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-30T18:43:12.801Z
Updated: 2023-06-30T18:43:12.801Z
Reserved: 2023-06-27T15:43:18.383Z
Link: CVE-2023-36810
JSON object: View
NVD Information
Status : Modified
Published: 2023-06-30T19:15:09.357
Modified: 2023-07-14T23:15:08.883
Link: CVE-2023-36810
JSON object: View
Redhat Information
No data.
CWE