CVE-2023-28428

NameCVE-2023-28428
DescriptionPDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue is available in version 1.1.1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1034155

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
ippsample (PTS)bookworm, sid0.0~git20220607.72f89b3-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
ippsamplesource(unstable)(unfixed)unimportant1034155

Notes

Crash in CLI tool, no security impact
https://github.com/michaelrsweet/pdfio/commit/97d4955666779dc5b0665e15dd951a5c12426a31 (v1.1.1)
https://github.com/michaelrsweet/pdfio/security/advisories/GHSA-68x8-9phf-j7jf

Search for package or bug name: Reporting problems