vulnerability
Ubuntu: USN-6280-1 (CVE-2023-36810): PyPDF2 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:L/AC:L/Au:N/C:N/I:N/A:C) | Jun 30, 2023 | Aug 14, 2023 | Apr 16, 2026 |
Severity
5
CVSS
(AV:L/AC:L/Au:N/C:N/I:N/A:C)
Published
Jun 30, 2023
Added
Aug 14, 2023
Modified
Apr 16, 2026
Description
pypdf is a pure-python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. An attacker who uses this vulnerability can craft a PDF which leads to unexpected long runtime. This quadratic runtime blocks the current process and can utilize a single core of the CPU by 100%. It does not affect memory usage. This issue has been addressed in PR 808 and versions from 1.27.9 include this fix. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Solutions
ubuntu-pro-upgrade-python-pypdf2ubuntu-pro-upgrade-python3-pypdf2ubuntu-upgrade-python-pypdf2ubuntu-upgrade-python3-pypdf2
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.