Vulnerabilities > CVE-2023-36810 - Algorithmic Complexity vulnerability in Pypdf Project Pypdf

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

pypdf-project

CWE-407

NVD

Published: 2023-06-30

Updated: 2023-07-14

Summary

pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Pypdf_Project Pypdf Project Pypdf 1.17.0 Pypdf Project Pypdf 1.18.0 Pypdf Project Pypdf 1.19.0 Pypdf Project Pypdf 1.20.0 Pypdf Project Pypdf 1.21.0 Pypdf Project Pypdf 1.22.0 Pypdf Project Pypdf 1.23.0 Pypdf Project Pypdf 1.24.0 Pypdf Project Pypdf 1.25.0 Pypdf Project Pypdf 1.25.1 Pypdf Project Pypdf 1.26.0 Pypdf Project Pypdf 1.27.0 Pypdf Project Pypdf 1.27.1 Pypdf Project Pypdf 1.27.2 Pypdf Project Pypdf 1.27.3 Pypdf Project Pypdf 1.27.4 Pypdf Project Pypdf 1.27.5 Pypdf Project Pypdf 1.27.6 Pypdf Project Pypdf 1.27.7 Pypdf Project Pypdf 1.27.8	20

Common Weakness Enumeration (CWE)

CWE-407 - Algorithmic Complexity

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References