First published: Thu Aug 10 2023
It was discovered that PyPDF2 incorrectly handled PDF files with certain markers. If a user or automated system were tricked into processing a specially crafted file, an attacker could possibly use this issue to consume system resources, resulting in a denial of service.
Affected Software | Ubuntu Release | Affected Version | Fixed Version |
---|---|---|---|
ubuntu/python3-pypdf2 | 22.04 | <1.26.0-4ubuntu0.22.04.2 | 1.26.0-4ubuntu0.22.04.2 |
ubuntu/python-pypdf2 | 20.04 | <1.26.0-3ubuntu1.20.04.2 | 1.26.0-3ubuntu1.20.04.2 |
ubuntu/python3-pypdf2 | 20.04 | <1.26.0-3ubuntu1.20.04.2 | 1.26.0-3ubuntu1.20.04.2 |
ubuntu/python-pypdf2 | 18.04 | <1.26.0-2ubuntu0.1~esm2 | 1.26.0-2ubuntu0.1~esm2 |
ubuntu/python3-pypdf2 | 18.04 | <1.26.0-2ubuntu0.1~esm2 | 1.26.0-2ubuntu0.1~esm2 |
ubuntu/python-pypdf2 | 16.04 | <1.25.1-1ubuntu0.1~esm2 | 1.25.1-1ubuntu0.1~esm2 |
ubuntu/python3-pypdf2 | 16.04 | <1.25.1-1ubuntu0.1~esm2 | 1.25.1-1ubuntu0.1~esm2 |
The vulnerability ID for this PyPDF2 vulnerability is CVE-2023-36810.
The vulnerability could allow an attacker to consume system resources, resulting in a denial of service.
PyPDF2 versions up to and including 1.26.0 are affected by this vulnerability.
To fix this vulnerability, update PyPDF2 to version 1.26.0 or higher, using the fixed package version listed for your Ubuntu release in the table above.
You can find more information about this vulnerability on the Ubuntu Security website and the Ubuntu Launchpad webpage for PyPDF2.