CVE-2021-3508
published 2021-04-28

CVE-2021-3508: A flaw was found in PDFResurrect in version 0.22b. There is an infinite loop in get_xref_linear_skipped() in pdf.c via a crafted PDF file.

Priority P417, medium, 5.5, CVSS 3.1
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS: 0.76% (50.7th percentile)

Affected

10 ranges
Vendor                Product       Version range                     Fixed in
debian                pdfresurrect  < pdfresurrect 0.22-3 (bookworm)  pdfresurrect 0.22-3 (bookworm)
pdfresurrect_project  pdfresurrect
pdfresurrect_project  pdfresurrect
pdfresurrect_project  pdfresurrect  >= 0 < 0.22-3                     0.22-3
pdfresurrect_project  pdfresurrect  >= 0 < 0.22-3                     0.22-3
pdfresurrect_project  pdfresurrect  >= 0 < 0.22-3                     0.22-3
pdfresurrect_project  pdfresurrect  >= 0 < 0.12-6ubuntu0.2+esm1       0.12-6ubuntu0.2+esm1
pdfresurrect_project  pdfresurrect  >= 0 < 0.14-1ubuntu0.1~esm1       0.14-1ubuntu0.1~esm1
pdfresurrect_project  pdfresurrect  >= 0 < 0.19-1ubuntu0.1~esm1       0.19-1ubuntu0.1~esm1
pdfresurrect_project  pdfresurrect  >= 0 < 0.22-2ubuntu0.1~esm1       0.22-2ubuntu0.1~esm1

CVSS provenance

nvd            v3.1  5.5  MEDIUM  CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd            v2.0  4.3  MEDIUM  AV:N/AC:M/Au:N/C:N/I:N/A:P
osv                  7.8  HIGH
vendor_ubuntu        7.8  HIGH
vendor_debian        5.5  LOW