How severe is CVE-2022-24859?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2022-24859?

This is classified as CWE-835, which is a common weakness in software security.

CVE-2022-24859

MEDIUM Year: 2022

CVSS v3 Score

5.5

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-835

View all →

Vulnerability Description

PyPDF2 is an open source python PDF library capable of splitting, merging, cropping, and transforming the pages of PDF files. In versions prior to 1.27.5 an attacker who uses this vulnerability can craft a PDF which leads to an infinite loop if the PyPDF2 if the code attempts to get the content stream. The reason is that the last while-loop in `ContentStream._readInlineImage` only terminates when it finds the `EI` token, but never actually checks if the stream has already ended. This issue has been resolved in version `1.27.5`. Users unable to upgrade should validate and PDFs prior to iterating over their content stream.

CVE-2010-0207

MEDIUM

CVSS:5.5(Medium)

In xpdf, the xref table contains an infinite loop which allows remote attackers to cause a denial of service (application crash) in xpdf-based PDF viewers.

CWE-8352010

CVE-2011-4621

MEDIUM

CVSS:5.5(Medium)

The Linux kernel before 2.6.37 does not properly implement a certain clock-update optimization, which allows local users to cause a denial of service (system hang) via an application that executes cod...

CWE-8352011

CVE-2012-0248

MEDIUM

CVSS:5.5(Medium)

ImageMagick 6.7.5-7 and earlier allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted image whose IFD contains IOP tags that all reference the beginning of the ID...

CWE-8352012

CVE-2012-1186

MEDIUM

CVSS:5.5(Medium)

Integer overflow in the SyncImageProfiles function in profile.c in ImageMagick 6.7.5-8 and earlier allows remote attackers to cause a denial of service (infinite loop) via crafted IOP tag offsets in t...

CWE-8352012

CVE-2014-0148

MEDIUM

CVSS:5.5(Medium)

Qemu before 2.0 block driver for Hyper-V VHDX Images is vulnerable to infinite loops and other potential issues when calculating BAT entries, due to missing bounds checks for block_size and logical_se...

CWE-8352014

CVE-2015-10103

MEDIUM

CVSS:5.5(Medium)

A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setFo...

CWE-8352015

CVE-2022-24859

Vulnerability Description

Related Vulnerabilities

CVE-2010-0207

CVE-2011-4621

CVE-2012-0248

CVE-2012-1186

CVE-2014-0148

CVE-2015-10103