CVE-2023-28428— PDFio vulnerable to Denial Of Service when opening a corrupt PDF file

PDFio vulnerable to Denial Of Service when opening a corrupt PDF file

PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

不加限制或调节的资源分配

PDFio 安全漏洞

PDFio是一个简单的 C 库，用于读取和写入 PDF 文件。 PDFio 1.1.0及之前版本存在安全漏洞，该漏洞源于存在拒绝服务漏洞。攻击者可利用该漏洞制作PDF文件触发拒绝服务。

N/A

N/A