VDB
CVE-2023-36810
CVE-2023-36810
PUBLISHED
CVSS 6.199999809265137 MEDIUM
PyPDF2 quadratic runtime with malformed PDF missing xref marker
EPSS 0.16% · 37.3th percentile
Risk Scores
CVSS 3.1
6.199999809265137
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.16%
37.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| pypdf_project | pypdf | 0 |
| py-pdf | pypdf | < 1.27.9 |
| PyPI | PyPDF2 | 0 |
Timeline
- Apr 23, 2022 Fix PR Merged
- Jun 30, 2023 CVE Published
- Jul 1, 2023 EPSS Score
- Jul 14, 2023 CVE Updated
- Aug 5, 2023 EPSS Score
- Sep 9, 2023 EPSS Score
- Oct 14, 2023 EPSS Score
- Nov 18, 2023 EPSS Score
- Dec 23, 2023 EPSS Score
- Jan 27, 2024 EPSS Score
- Mar 2, 2024 EPSS Score
- Apr 6, 2024 EPSS Score
References
- https://github.com/py-pdf/pypdf/security/advisories/GHSA-jrm6-h9cq-8gqw url
- https://github.com/py-pdf/pypdf/issues/582 url
- https://github.com/py-pdf/pypdf/pull/808 url
- https://lists.debian.org/debian-lts-announce/2023/07/msg00019.html url
- https://nvd.nist.gov/vuln/detail/CVE-2023-36810 advisory
- https://github.com/py-pdf/pypdf/commit/c6c56f550bb384e05f0139c796ba1308837d6373 url
- https://github.com/py-pdf/pypdf package