CVE-2024-56139

pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems.

CVSS

No CVSS.

References

Link	Resource
https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9
https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9

Configurations

No configuration.

History

20 Dec 2024, 21:15

Type	Values Removed	Values Added
References	~~() https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9 -~~	() https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9 -
Summary		(es) pdftools es una herramienta de alto nivel para convertir archivos PDF a formatos ePUB. En versiones hasta la 0.5.0 incluida, los archivos ePUB manipulados con fines malintencionados pueden provocar un desbordamiento de pila que provoque un bloqueo. Este problema aún no se ha solucionado y se recomienda a los usuarios que eviten la entrada de datos no confiables a sus sistemas.

17 Dec 2024, 19:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-12-17 19:15

Updated : 2024-12-20 21:15

NVD link : CVE-2024-56139

Mitre link : CVE-2024-56139

CVE.ORG link : CVE-2024-56139

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2024-56139", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"safety": "NOT_DEFINED", "version": "4.0", "recovery": "NOT_DEFINED", "baseScore": 6.9, "automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "modifiedAttackVector": "NOT_DEFINED", "integrityRequirements": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "availabilityRequirements": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subsequentSystemIntegrity": "NONE", "vulnerableSystemIntegrity": "NONE", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "confidentialityRequirements": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "subsequentSystemAvailability": "NONE", "vulnerableSystemAvailability": "LOW", "subsequentSystemConfidentiality": "NONE", "vulnerableSystemConfidentiality": "NONE", "modifiedSubsequentSystemIntegrity": "NOT_DEFINED", "modifiedVulnerableSystemIntegrity": "NOT_DEFINED", "modifiedSubsequentSystemAvailability": "NOT_DEFINED", "modifiedVulnerableSystemAvailability": "NOT_DEFINED", "modifiedSubsequentSystemConfidentiality": "NOT_DEFINED", "modifiedVulnerableSystemConfidentiality": "NOT_DEFINED"}}]}, "published": "2024-12-17T19:15:07.010", "references": [{"url": "https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9", "source": "security-advisories@github.com"}, {"url": "https://github.com/leonhad/pdftools/security/advisories/GHSA-hgvf-4pf3-fwc9", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems."}, {"lang": "es", "value": "pdftools es una herramienta de alto nivel para convertir archivos PDF a formatos ePUB. En versiones hasta la 0.5.0 incluida, los archivos ePUB manipulados con fines malintencionados pueden provocar un desbordamiento de pila que provoque un bloqueo. Este problema a\u00fan no se ha solucionado y se recomienda a los usuarios que eviten la entrada de datos no confiables a sus sistemas."}], "lastModified": "2024-12-20T21:15:09.787", "sourceIdentifier": "security-advisories@github.com"}