CVE-2024-42358 – Loop with Unreachable Exit Condition ('Infinite Loop') in pdfio
https://notcve.org/view.php?id=CVE-2024-42358
PDFio is a simple C library for reading and writing PDF files. There is a denial of service (DoS) vulnerability in the TTF parser. Maliciously crafted TTF files can cause the program to use 100% of memory and enter an infinite loop. This can also lead to a heap-buffer-overflow vulnerability. The infinite loop occurs in the read_cmap function and is triggered by the nGroups value.
• https://github.com/michaelrsweet/pdfio/commit/e4e1c39578279386b0ab9f9ac14b20a8bad4f935
• https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-4hh9-j68x-8353
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-28428 – PDFio vulnerable to Denial Of Service when opening a corrupt PDF file
https://notcve.org/view.php?id=CVE-2023-28428
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted PDF files can cause the program to run at 100% utilization and never terminate. This issue is distinct from CVE-2023-24808. A patch for this issue is available in version 1.1.1.
• https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31
• https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf
• CWE-770: Allocation of Resources Without Limits or Throttling
CVE-2023-24808 – Denial Of Service when opening a corrupt PDF file in pdfio
https://notcve.org/view.php?id=CVE-2023-24808
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0, a denial of service (DoS) vulnerability exists in the pdfio parser. Crafted PDF files can cause the program to run at 100% utilization and never terminate. The PDF that causes this crash, found in testing, is about 28kb in size and was discovered via fuzzing. Anyone who uses this library, either as a standalone binary or as a library, can be DoSed when attempting to parse this type of file.
• https://github.com/michaelrsweet/pdfio/commit/4f10021e7ee527c1aa24853e2947e38e154d9ccb
• https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-cjc4-x96x-fvgf
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')