CVE-2013-1607: Improper Input Validation in Project Pdfkit

Severity: 9.8 CRITICAL (NVD)
CISA: 7.8
EPSS: 1.3% (top 20.50%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: published Feb 11; latest update May 5

Description

The Ruby PDFKit gem prior to 0.5.3 has a code execution vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Affected Packages (2 packages)

RubyGems: pdfkit_project/pdfkit < 0.5.3

🔴 Vulnerability Details (2)

OSV: PDFKit Improper Input Validation vulnerability (2022-05-05)
GHSA: PDFKit Improper Input Validation vulnerability (2022-05-05)

📋 Vendor Advisories (1)

CISA: Microsoft Malware Protection Engine Improper Restriction of Operations Vulnerability (2022-03-03)

💬 Community (1)

Bugzilla: CVE-2013-1607 rubygem-pdfkit: remote code execution due to improperly escaped strings (2020-02-17)