CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28428 – PDFio vulnerable to Denial Of Service when opening a corrupt PDF file
https://notcve.org/view.php?id=CVE-2023-28428
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1. • https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2023-24808 – Denial Of Service when opening a corrupt PDF file in pdfio
https://notcve.org/view.php?id=CVE-2023-24808
PDFio is a C library for reading and writing PDF files. In versions prior to 1.1.0 a denial of service (DOS) vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. The pdf which causes this crash found in testing is about 28kb in size and was discovered via fuzzing. Anyone who uses this library either as a standalone binary or as a library can be DOSed when attempting to parse this type of file. • https://github.com/michaelrsweet/pdfio/commit/4f10021e7ee527c1aa24853e2947e38e154d9ccb https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-cjc4-x96x-fvgf • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •