Описание
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.
A flaw was found in pypdf, a pure-python PDF library. A remote attacker can exploit this vulnerability by crafting a malicious PDF file that utilizes the /ASCIIHexDecode filter. Processing this specially crafted PDF can lead to excessively long runtimes, resulting in a Denial of Service (DoS) for the application or system processing the file.
Меры по смягчению последствий
To mitigate this issue, avoid processing untrusted PDF documents with applications that use the pypdf library. If processing untrusted PDFs is unavoidable, consider sandboxing the application responsible for PDF processing to limit potential resource exhaustion.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-ocp-rag-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed/lightspeed-service-api-rhel9 | Fix deferred | ||
| OpenShift Lightspeed | openshift-lightspeed-tech-preview/lightspeed-rag-tool-rhel9 | Fix deferred | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/bootc-cuda-rhel9 | Fix deferred | ||
| Red Hat Enterprise Linux AI (RHEL AI) 3 | rhelai3/disk-image-cuda-rhel9 | Fix deferred | ||
| Red Hat OpenShift AI (RHOAI) | rhoai/odh-llama-stack-core-rhel9 | Fix deferred |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.
pypdf is a free and open-source pure-python PDF library. Prior to version 6.7.5, an attacker who uses this vulnerability can craft a PDF which leads to long runtimes. This requires accessing a stream which uses the /ASCIIHexDecode filter. This issue has been patched in version 6.7.5.
pypdf is a free and open-source pure-python PDF library. Prior to vers ...
pypdf vulnerable to inefficient decoding of ASCIIHexDecode streams
EPSS
6.5 Medium
CVSS3