CVE-2023-33733

Опубликовано: 05 июн. 2023

Источник: debian

Описание

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

Пакет	Статус	Версия исправления	Релиз	Тип
python-reportlab	fixed	3.6.13-1		package
python-reportlab	not-affected		buster	package

https://docs.reportlab.com/releases/notes/whats-new-3613/
https://github.com/c53elyas/CVE-2023-33733
Introduced by: https://hg.reportlab.com/hg-public/reportlab/rev/51a521ad7dd3 (3.5.34)
This was introduced when fixing CVE-2019-17626. The version in Debian Buster
uses a simpler fix in 3.5.13-1+deb10u1 and is not affected.
Fixed by: https://hg.reportlab.com/hg-public/reportlab/rev/1c39d2db15bb (3.6.13)

CVE-2023-33733

CVSS3: 7.8

ubuntu

больше 2 лет назад

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

CVE-2023-33733

CVSS3: 7.8

redhat

больше 2 лет назад

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

CVE-2023-33733

CVSS3: 7.8

nvd

больше 2 лет назад

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

SUSE-SU-2023:2688-1

suse-cvrf

около 2 лет назад

Security update for python-reportlab

SUSE-SU-2023:2561-1

suse-cvrf

около 2 лет назад

Security update for python-reportlab