CVE-2023-28428

Name	CVE-2023-28428
Description	PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs	1034155

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
ippsample (PTS)	bookworm, sid	0.0~git20220607.72f89b3-1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
ippsample	source	(unstable)	(unfixed)			1034155

Notes

[bookworm] - ippsample <no-dsa> (Minor issue)
https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1)
https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf