UBUNTU-CVE-2023-36810

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2023-36810

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-36810.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2023-36810

Related

Published

2023-06-30T19:15:00Z

Modified

2023-06-30T19:15:00Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Ubuntu:Pro:16.04:LTS / pypdf2

Package

Name: pypdf2
Purl: pkg:deb/ubuntu/pypdf2?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.1-1ubuntu0.1~esm2

Affected versions

1.*

1.23+git20141008-1

1.25.1-1

1.25.1-1ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.25.1-1ubuntu0.1~esm2",
            "binary_name": "python-pypdf2"
        },
        {
            "binary_version": "1.25.1-1ubuntu0.1~esm2",
            "binary_name": "python3-pypdf2"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / pypdf2

Package

Name: pypdf2
Purl: pkg:deb/ubuntu/pypdf2?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.0-2ubuntu0.1~esm2

Affected versions

1.*

1.26.0-2

1.26.0-2ubuntu0.1~esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.26.0-2ubuntu0.1~esm2",
            "binary_name": "python-pypdf2"
        },
        {
            "binary_version": "1.26.0-2ubuntu0.1~esm2",
            "binary_name": "python3-pypdf2"
        }
    ]
}

Ubuntu:20.04:LTS / pypdf2

Package

Name: pypdf2
Purl: pkg:deb/ubuntu/pypdf2?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.0-3ubuntu1.20.04.2

Affected versions

1.*

1.26.0-2

1.26.0-3ubuntu1

1.26.0-3ubuntu1.20.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.26.0-3ubuntu1.20.04.2",
            "binary_name": "python-pypdf2"
        },
        {
            "binary_version": "1.26.0-3ubuntu1.20.04.2",
            "binary_name": "python3-pypdf2"
        }
    ]
}

Ubuntu:22.04:LTS / pypdf2

Package

Name: pypdf2
Purl: pkg:deb/ubuntu/pypdf2?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.26.0-4ubuntu0.22.04.2

Affected versions

1.*

1.26.0-4

1.26.0-4ubuntu0.22.04.1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.26.0-4ubuntu0.22.04.2",
            "binary_name": "python3-pypdf2"
        }
    ]
}