Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2022-24859

Опубликовано: 18 апр. 2022
Источник: redhat
CVSS3: 5.5
EPSS Низкий

Описание

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in ContentStream._readInlineImage only terminates when it finds the EI token, but never actually checks if the stream has already ended. This issue has been resolved in version 1.27.5. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Quay 3quay/quay-rhel8Affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-835
https://bugzilla.redhat.com/show_bug.cgi?id=2076488PyPDF2: infinite loop vulnerability

EPSS

Процентиль: 32%
0.00127
Низкий

5.5 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2022-24859

CVSS3: 6.2
ubuntu
почти 4 года назад

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.

nvd логотип

CVE-2022-24859

CVSS3: 6.2
nvd
почти 4 года назад

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.

debian логотип

CVE-2022-24859

CVSS3: 6.2
debian
почти 4 года назад

PyPDF2 is an open source python PDF library capable of splitting, merg ...

suse-cvrf логотип

openSUSE-SU-2024:0366-1

suse-cvrf
около 1 года назад

Security update for python-PyPDF2

github логотип

GHSA-xcjx-m2pj-8g79

CVSS3: 6.2
github
почти 4 года назад

Manipulated inline images can cause Infinite Loop in PyPDF2

EPSS

Процентиль: 32%
0.00127
Низкий

5.5 Medium

CVSS3