Lucene search
Veracode Vulnerability DatabaseVERACODE:35163HistoryApr 19, 2022 - 11:06 a.m.
Denial Of Service (DoS)
2022-04-1911:06:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
pypdf2
denial of service
vulnerability
pdf file
infinite loop
_readinlineimage
crash
system
EPSS
0.001
Percentile
39.9%
pypdf2 is vulnerable to denial of service (DoS) attacks. The vulnerability exists due to an infinite loop in the _readInlineImage' function in the pdf.py` which allows a malicious attacker to crash the system by sending a pdf file.
References
github.com/py-pdf/PyPDF2/commit/81c888f2f5cbf36356c7cf94073cfa050bb10eba
github.com/py-pdf/PyPDF2/issues/329
github.com/py-pdf/PyPDF2/pull/740
github.com/py-pdf/PyPDF2/releases/tag/1.27.5
github.com/py-pdf/PyPDF2/security/advisories/GHSA-xcjx-m2pj-8g79
lists.debian.org/debian-lts-announce/2022/06/msg00001.html
Related
debiancve
debiancve
CVE-2022-24859
2022-04-18 19:15:09
github
github
Manipulated inline images can cause Infinite Loop in PyPDF2
2022-04-22 20:54:41
nvd
nvd
CVE-2022-24859
2022-04-18 19:15:09
openvas
openvas
Debian: Security Advisory (DLA-3039-1)
2022-06-04 00:00:00
Debian: Security Advisory (DLA-3451-1)
2023-06-12 00:00:00
Ubuntu: Security Advisory (USN-6176-1)
2023-06-19 00:00:00
osv
osv
Manipulated inline images can cause Infinite Loop in PyPDF2
2022-04-22 20:54:41
CVE-2022-24859
2022-04-18 19:15:09
PYSEC-2022-194
2022-04-18 19:15:00
nessus
nessus
Debian DLA-3039-1 : pypdf2 - LTS security update
2022-06-03 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS : PyPDF2 vulnerability (USN-6176-1)
2023-06-19 00:00:00
Debian DLA-3451-1 : pypdf2 - LTS security update
2023-06-12 00:00:00
cvelist
cvelist
CVE-2022-24859 Manipulated inline images can cause Infinite Loop in PyPDF2
2022-04-18 00:00:00
ubuntucve
ubuntucve
CVE-2022-24859
2022-04-18 00:00:00
ubuntu
ubuntu
PyPDF2 vulnerability
2023-06-19 00:00:00
debian
debian
[SECURITY] [DLA 3039-1] pypdf2 security update
2022-06-03 10:48:18
[SECURITY] [DLA 3451-1] pypdf2 security update
2023-06-09 21:38:03
redhatcve
redhatcve
CVE-2022-24859
2022-04-19 08:41:34
cve
cve
CVE-2022-24859
2022-04-18 19:15:09
prion
prion
Code injection
2022-04-18 19:15:00
mageia
mageia
Updated python-pypdf2 packages fix security vulnerability
2022-06-09 23:49:47