CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-25885

Medium Severity
SVRS
30/100
CVSSv3
NA/10
EPSS
0.00347/1

CVE-2024-25885: Regular Expression Denial of Service (ReDOS) in xhtml2pdf. Discover a critical vulnerability affecting xhtml2pdf v0.2.13. The getcolor function in utils.py is susceptible to a Regular expression Denial of Service (ReDOS) attack. Attackers can exploit this by supplying a crafted string. Although the CVSS score is 0, the SOCRadar Vulnerability Risk Score (SVRS) is 30, indicating a potential, though not critical, risk. A successful exploit can lead to service disruption. This CVE highlights the importance of input validation to prevent resource exhaustion. While not immediately critical, monitoring for exploitation attempts is advisable.

TAGS
No tags available
VECTOR STRING
PUBLICATION DATE2024-10-08
LAST MODIFIED2024-10-10

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE

Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

CVE-2024-25885 | xhtml2pdf 0.2.13 String utils.py getcolor redos
vuldb.com2025-03-08
CVE-2024-25885 | xhtml2pdf 0.2.13 String utils.py getcolor redos | A vulnerability was found in xhtml2pdf 0.2.13. It has been rated as problematic. This issue affects the function getcolor of the file utils.py of the component String Handler. The manipulation leads to inefficient regular expression complexity. The identification of this vulnerability is CVE-2024-25885<
vuldb.com
rss
forum
news

Social Media

CVE-2024-25885 An issue in the getcolor function in https://t.co/BMJaZKdN4K of xhtml2pdf v0.2.13 allows attackers to cause a Regular expression Denial of Service (ReDOS) via supplying a crafted st… https://t.co/rzEx8wjsgT
0
0
0

Affected Software

No affected software found for this CVE

References

ReferenceLink
[email protected]http://dirk.com
[email protected]http://xhtml2pdf.com
[email protected]https://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206
GITHUBhttps://gist.github.com/salvatore-abello/c88dd0027496774023ef36c7b576d206

CWE Details

CWE IDCWE NameDescription
CWE-1333Inefficient Regular Expression ComplexityThe product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence