Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 907924 (CVE-2023-33733)

Summary: dev-python/reportlab: remote code execution
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: major CC: python
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/c53elyas/CVE-2023-33733
Whiteboard: B1 [upstream]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-06-06 03:44:13 UTC 
CVE-2023-33733:

Reportlab up to v3.6.12 allows attackers to execute arbitrary code via supplying a crafted PDF file.

I don't see any link to an upstream report. I also note that MITRE
apparently can't even filter out blatant advertising to their CVE
references:

https://www.linkedin.com/in/elyas-damej-714b7269/
https://cure53.de/

(https://github.com/CVEProject/cvelist/blob/c37734b61aa3f1a514bef29f2ab9aa352dcdaeda/2023/33xxx/CVE-2023-33733.json#L53)