Bug ID 1216774
Summary VUL-0: CVE-2023-46250: pypdf: infinite loop condition may be triggered to cause denial of service
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
URL https://smash.suse.de/issue/383718/
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Python
Assignee simonf.lees@suse.com
Reporter smash_bz@suse.de
QA Contact security-team@suse.de
CC stoyan.manolov@suse.com
Target Milestone ---
Found By Security Response Team
Blocker --- 

pypdf is a free and open-source pure-python PDF library. An attacker who uses a
vulnerability present in versions 3.7.0 through 3.16.4 can craft a PDF which
leads to an infinite loop. This infinite loop blocks the current process and
can
utilize a single core of the CPU by 100%. It does not affect memory usage. That
is, for example, the case when the pypdf-user manipulates an incoming malicious
PDF e.g. by merging it with another PDF or by adding annotations. The issue was
fixed in version 3.17.0. As a workaround, apply the patch manually by modifying
`pypdf/generic/_data_structures.py`.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46250

You are receiving this mail because: