Search

Find a vulnerability

Search criteria

    38 vulnerabilities found for qpdf by qpdf_project

    CVE-2024-24246 (GCVE-0-2024-24246)

    Vulnerability from nvd – Published: 2024-02-29 00:00 – Updated: 2025-11-04 22:05
    VLAI
    Summary
    Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    qpdf_project qpdf Affected: 11.9.0
        cpe:2.3:a:qpdf_project:qpdf:11.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    fedoraproject fedora Affected: 38
        cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
    Create a notification for this product.
    fedoraproject fedora Affected: 39
        cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
    Create a notification for this product.
    fedoraproject fedora Affected: 40
        cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T22:05:46.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/1123"
              },
              {
                "name": "FEDORA-2024-daa7df59d6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/"
              },
              {
                "name": "FEDORA-2024-8762164e47",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/"
              },
              {
                "name": "FEDORA-2024-7d55be81bd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qpdf_project:qpdf:11.9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qpdf",
                "vendor": "qpdf_project",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.9.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fedora",
                "vendor": "fedoraproject",
                "versions": [
                  {
                    "status": "affected",
                    "version": "38"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fedora",
                "vendor": "fedoraproject",
                "versions": [
                  {
                    "status": "affected",
                    "version": "39"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fedora",
                "vendor": "fedoraproject",
                "versions": [
                  {
                    "status": "affected",
                    "version": "40"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24246",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T14:01:40.615974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T14:26:35.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-23T02:06:32.261Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/1123"
            },
            {
              "name": "FEDORA-2024-daa7df59d6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/"
            },
            {
              "name": "FEDORA-2024-8762164e47",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/"
            },
            {
              "name": "FEDORA-2024-7d55be81bd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-24246",
        "datePublished": "2024-02-29T00:00:00.000Z",
        "dateReserved": "2024-01-25T00:00:00.000Z",
        "dateUpdated": "2025-11-04T22:05:46.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-25786 (GCVE-0-2021-25786)

    Vulnerability from nvd – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:50
    VLAI
    Summary
    An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:28.412Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/492"
              },
              {
                "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25786",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T17:50:50.352094Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T17:50:57.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-30T00:06:50.332Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/492"
            },
            {
              "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-25786",
        "datePublished": "2023-08-11T00:00:00.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2024-10-09T17:50:57.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34503 (GCVE-0-2022-34503)

    Vulnerability from nvd – Published: 2022-07-22 14:17 – Updated: 2024-08-03 09:15
    VLAI
    Summary
    QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/701 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:15:15.245Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/701"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-22T14:17:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/701"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-34503",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/701",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/701"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-34503",
        "datePublished": "2022-07-22T14:17:21.000Z",
        "dateReserved": "2022-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:15:15.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36978 (GCVE-0-2021-36978)

    Vulnerability from nvd – Published: 2021-07-20 00:00 – Updated: 2024-10-15 17:14
    VLAI
    Summary
    QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/492"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262"
              },
              {
                "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
              },
              {
                "name": "GLSA-202401-20",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-20"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:38.204891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:14:33.718Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-15T14:06:20.522Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/492"
            },
            {
              "url": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
            },
            {
              "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml"
            },
            {
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262"
            },
            {
              "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
            },
            {
              "name": "GLSA-202401-20",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202401-20"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-36978",
        "datePublished": "2021-07-20T00:00:00.000Z",
        "dateReserved": "2021-07-20T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:14:33.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18020 (GCVE-0-2018-18020)

    Vulnerability from nvd – Published: 2018-10-06 00:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/243"
              },
              {
                "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-30T00:06:48.855Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/243"
            },
            {
              "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18020",
        "datePublished": "2018-10-06T00:00:00.000Z",
        "dateReserved": "2018-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9918 (GCVE-0-2018-9918)

    Vulnerability from nvd – Published: 2018-04-10 18:00 – Updated: 2024-08-05 07:24
    VLAI
    Summary
    libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/b4d6cf6836ce0… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/202 x_refsource_MISC
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:24:56.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/202"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/202"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-9918",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/202",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/202"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-9918",
        "datePublished": "2018-04-10T18:00:00.000Z",
        "dateReserved": "2018-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:24:56.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18186 (GCVE-0-2017-18186)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/85f05cc57ffa0… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/149 x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/149",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18186",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18185 (GCVE-0-2017-18185)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/commit/ec7d74a386c0b… x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/issues/150 x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/150"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/150"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/150",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/150"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18185",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18184 (GCVE-0-2017-18184)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/dea704f0ab7f6… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/147 x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.072Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/147"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/147"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/147",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/147"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18184",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18183 (GCVE-0-2017-18183)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/commit/8249a26d69f72… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/143 x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/143"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/143"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/143",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/143"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18183",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9252 (GCVE-0-2015-9252)

    Vulnerability from nvd – Published: 2018-02-13 19:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/51 x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/701b518d5c56a… x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:42.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/51"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/51"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/51",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/51"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9252",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:42.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12595 (GCVE-0-2017-12595)

    Vulnerability from nvd – Published: 2017-08-27 15:00 – Updated: 2024-08-05 18:43
    VLAI
    Summary
    The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/146 x_refsource_CONFIRM
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/ad527a64f93dc… x_refsource_CONFIRM
    Date Public
    2017-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:55.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/146"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/146"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-12595",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/146",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/qpdf/qpdf/issues/146"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-12595",
        "datePublished": "2017-08-27T15:00:00.000Z",
        "dateReserved": "2017-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:43:55.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11627 (GCVE-0-2017-11627)

    Vulnerability from nvd – Published: 2017-07-25 23:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/118 x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    http://somevulnsofadlab.blogspot.jp/2017/07/qpdfa… x_refsource_MISC
    Date Public
    2017-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/118"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an \"infinite loop.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/118"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an \"infinite loop.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/118",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/118"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html",
                  "refsource": "MISC",
                  "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11627",
        "datePublished": "2017-07-25T23:00:00.000Z",
        "dateReserved": "2017-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:40.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11626 (GCVE-0-2017-11626)

    Vulnerability from nvd – Published: 2017-07-25 23:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://somevulnsofadlab.blogspot.jp/2017/07/qpdfa… x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/issues/119 x_refsource_MISC
    Date Public
    2017-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/119"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11626",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html",
                  "refsource": "MISC",
                  "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/119",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11626",
        "datePublished": "2017-07-25T23:00:00.000Z",
        "dateReserved": "2017-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:40.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11625 (GCVE-0-2017-11625)

    Vulnerability from nvd – Published: 2017-07-25 23:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    http://somevulnsofadlab.blogspot.jp/2017/07/qpdfa… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/120 x_refsource_MISC
    Date Public
    2017-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.950Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/120"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an \"infinite loop.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/120"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11625",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an \"infinite loop.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html",
                  "refsource": "MISC",
                  "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/120",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/120"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11625",
        "datePublished": "2017-07-25T23:00:00.000Z",
        "dateReserved": "2017-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:40.950Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11624 (GCVE-0-2017-11624)

    Vulnerability from nvd – Published: 2017-07-25 23:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    http://somevulnsofadlab.blogspot.jp/2017/07/qpdfa… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/117 x_refsource_MISC
    Date Public
    2017-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.949Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/117"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/117"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11624",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html",
                  "refsource": "MISC",
                  "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/117",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/117"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11624",
        "datePublished": "2017-07-25T23:00:00.000Z",
        "dateReserved": "2017-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:40.949Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-24246 (GCVE-0-2024-24246)

    Vulnerability from cvelistv5 – Published: 2024-02-29 00:00 – Updated: 2025-11-04 22:05
    VLAI
    Summary
    Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-122 - Heap-based Buffer Overflow
    Assigner
    Impacted products
    Vendor Product Version
    qpdf_project qpdf Affected: 11.9.0
        cpe:2.3:a:qpdf_project:qpdf:11.9.0:*:*:*:*:*:*:*
    Create a notification for this product.
    fedoraproject fedora Affected: 38
        cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
    Create a notification for this product.
    fedoraproject fedora Affected: 39
        cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*
    Create a notification for this product.
    fedoraproject fedora Affected: 40
        cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2025-11-04T22:05:46.286Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/1123"
              },
              {
                "name": "FEDORA-2024-daa7df59d6",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/"
              },
              {
                "name": "FEDORA-2024-8762164e47",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/"
              },
              {
                "name": "FEDORA-2024-7d55be81bd",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/"
              },
              {
                "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:qpdf_project:qpdf:11.9.0:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "qpdf",
                "vendor": "qpdf_project",
                "versions": [
                  {
                    "status": "affected",
                    "version": "11.9.0"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fedora",
                "vendor": "fedoraproject",
                "versions": [
                  {
                    "status": "affected",
                    "version": "38"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:fedoraproject:fedora:39:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fedora",
                "vendor": "fedoraproject",
                "versions": [
                  {
                    "status": "affected",
                    "version": "39"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:o:fedoraproject:fedora:40:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "fedora",
                "vendor": "fedoraproject",
                "versions": [
                  {
                    "status": "affected",
                    "version": "40"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "LOCAL",
                  "availabilityImpact": "HIGH",
                  "baseScore": 5.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "REQUIRED",
                  "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-24246",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-08-09T14:01:40.615974Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-122",
                    "description": "CWE-122 Heap-based Buffer Overflow",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-08-09T14:26:35.727Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-03-23T02:06:32.261Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/1123"
            },
            {
              "name": "FEDORA-2024-daa7df59d6",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/"
            },
            {
              "name": "FEDORA-2024-8762164e47",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/"
            },
            {
              "name": "FEDORA-2024-7d55be81bd",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2024-24246",
        "datePublished": "2024-02-29T00:00:00.000Z",
        "dateReserved": "2024-01-25T00:00:00.000Z",
        "dateUpdated": "2025-11-04T22:05:46.286Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-25786 (GCVE-0-2021-25786)

    Vulnerability from cvelistv5 – Published: 2023-08-11 00:00 – Updated: 2024-10-09 17:50
    VLAI
    Summary
    An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T20:11:28.412Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/492"
              },
              {
                "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-25786",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-09T17:50:50.352094Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-09T17:50:57.829Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-30T00:06:50.332Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/492"
            },
            {
              "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-25786",
        "datePublished": "2023-08-11T00:00:00.000Z",
        "dateReserved": "2021-01-22T00:00:00.000Z",
        "dateUpdated": "2024-10-09T17:50:57.829Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-34503 (GCVE-0-2022-34503)

    Vulnerability from cvelistv5 – Published: 2022-07-22 14:17 – Updated: 2024-08-03 09:15
    VLAI
    Summary
    QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/701 x_refsource_MISC
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T09:15:15.245Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/701"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-22T14:17:21.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/701"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2022-34503",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/701",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/701"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2022-34503",
        "datePublished": "2022-07-22T14:17:21.000Z",
        "dateReserved": "2022-06-26T00:00:00.000Z",
        "dateUpdated": "2024-08-03T09:15:15.245Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2021-36978 (GCVE-0-2021-36978)

    Vulnerability from cvelistv5 – Published: 2021-07-20 00:00 – Updated: 2024-10-15 17:14
    VLAI
    Summary
    QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T01:09:07.769Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/492"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262"
              },
              {
                "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
              },
              {
                "name": "GLSA-202401-20",
                "tags": [
                  "vendor-advisory",
                  "x_transferred"
                ],
                "url": "https://security.gentoo.org/glsa/202401-20"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2021-36978",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-10-15T17:09:38.204891Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-10-15T17:14:33.718Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-15T14:06:20.522Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/492"
            },
            {
              "url": "https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5"
            },
            {
              "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml"
            },
            {
              "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262"
            },
            {
              "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
            },
            {
              "name": "GLSA-202401-20",
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://security.gentoo.org/glsa/202401-20"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-36978",
        "datePublished": "2021-07-20T00:00:00.000Z",
        "dateReserved": "2021-07-20T00:00:00.000Z",
        "dateUpdated": "2024-10-15T17:14:33.718Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-18020 (GCVE-0-2018-18020)

    Vulnerability from cvelistv5 – Published: 2018-10-06 00:00 – Updated: 2024-08-05 11:01
    VLAI
    Summary
    In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2018-10-06 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T11:01:14.763Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/243"
              },
              {
                "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
                "tags": [
                  "mailing-list",
                  "x_transferred"
                ],
                "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-10-06T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-08-30T00:06:48.855Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://github.com/qpdf/qpdf/issues/243"
            },
            {
              "name": "[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update",
              "tags": [
                "mailing-list"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-18020",
        "datePublished": "2018-10-06T00:00:00.000Z",
        "dateReserved": "2018-10-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T11:01:14.763Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2018-9918 (GCVE-0-2018-9918)

    Vulnerability from cvelistv5 – Published: 2018-04-10 18:00 – Updated: 2024-08-05 07:24
    VLAI
    Summary
    libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/b4d6cf6836ce0… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/202 x_refsource_MISC
    Date Public
    2018-04-10 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T07:24:56.362Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/202"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-04-10T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/202"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2018-9918",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "libqpdf.a in QPDF through 8.0.2 mishandles certain \"expected dictionary key but found non-name object\" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/202",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/202"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2018-9918",
        "datePublished": "2018-04-10T18:00:00.000Z",
        "dateReserved": "2018-04-10T00:00:00.000Z",
        "dateUpdated": "2024-08-05T07:24:56.362Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18186 (GCVE-0-2017-18186)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/85f05cc57ffa0… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/149 x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.012Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/149"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/149"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18186",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/149",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/149"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18186",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.012Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2015-9252 (GCVE-0-2015-9252)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-06 08:43
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/51 x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/701b518d5c56a… x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-06T08:43:42.148Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/51"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/51"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2015-9252",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/51",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/51"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2015-9252",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-06T08:43:42.148Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18184 (GCVE-0-2017-18184)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/dea704f0ab7f6… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/147 x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.072Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/147"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/147"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18184",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/147",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/147"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18184",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.072Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18183 (GCVE-0-2017-18183)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/commit/8249a26d69f72… x_refsource_MISC
    https://github.com/qpdf/qpdf/issues/143 x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.097Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/143"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/143"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18183",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/143",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/143"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18183",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.097Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-18185 (GCVE-0-2017-18185)

    Vulnerability from cvelistv5 – Published: 2018-02-13 19:00 – Updated: 2024-08-05 21:13
    VLAI
    Summary
    An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/commit/ec7d74a386c0b… x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/issues/150 x_refsource_MISC
    Date Public
    2018-02-13 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T21:13:49.098Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/150"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2018-02-13T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/150"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-18185",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/150",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/150"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-18185",
        "datePublished": "2018-02-13T19:00:00.000Z",
        "dateReserved": "2018-02-13T00:00:00.000Z",
        "dateUpdated": "2024-08-05T21:13:49.098Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-12595 (GCVE-0-2017-12595)

    Vulnerability from cvelistv5 – Published: 2017-08-27 15:00 – Updated: 2024-08-05 18:43
    VLAI
    Summary
    The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/146 x_refsource_CONFIRM
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/commit/ad527a64f93dc… x_refsource_CONFIRM
    Date Public
    2017-08-27 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:43:55.969Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/146"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-08-27T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/146"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-12595",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/146",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/qpdf/qpdf/issues/146"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b",
                  "refsource": "CONFIRM",
                  "url": "https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-12595",
        "datePublished": "2017-08-27T15:00:00.000Z",
        "dateReserved": "2017-08-06T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:43:55.969Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11627 (GCVE-0-2017-11627)

    Vulnerability from cvelistv5 – Published: 2017-07-25 23:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    https://github.com/qpdf/qpdf/issues/118 x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    http://somevulnsofadlab.blogspot.jp/2017/07/qpdfa… x_refsource_MISC
    Date Public
    2017-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.943Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/118"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an \"infinite loop.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/118"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11627",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an \"infinite loop.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://github.com/qpdf/qpdf/issues/118",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/118"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html",
                  "refsource": "MISC",
                  "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11627",
        "datePublished": "2017-07-25T23:00:00.000Z",
        "dateReserved": "2017-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:40.943Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2017-11626 (GCVE-0-2017-11626)

    Vulnerability from cvelistv5 – Published: 2017-07-25 23:00 – Updated: 2024-08-05 18:12
    VLAI
    Summary
    A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://somevulnsofadlab.blogspot.jp/2017/07/qpdfa… x_refsource_MISC
    https://usn.ubuntu.com/3638-1/ vendor-advisoryx_refsource_UBUNTU
    https://github.com/qpdf/qpdf/issues/119 x_refsource_MISC
    Date Public
    2017-07-25 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-05T18:12:40.746Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
              },
              {
                "name": "USN-3638-1",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
                  "x_transferred"
                ],
                "url": "https://usn.ubuntu.com/3638-1/"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/qpdf/qpdf/issues/119"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2017-07-25T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-05-08T09:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
            },
            {
              "name": "USN-3638-1",
              "tags": [
                "vendor-advisory",
                "x_refsource_UBUNTU"
              ],
              "url": "https://usn.ubuntu.com/3638-1/"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/qpdf/qpdf/issues/119"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2017-11626",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an \"infinite loop.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html",
                  "refsource": "MISC",
                  "url": "http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html"
                },
                {
                  "name": "USN-3638-1",
                  "refsource": "UBUNTU",
                  "url": "https://usn.ubuntu.com/3638-1/"
                },
                {
                  "name": "https://github.com/qpdf/qpdf/issues/119",
                  "refsource": "MISC",
                  "url": "https://github.com/qpdf/qpdf/issues/119"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2017-11626",
        "datePublished": "2017-07-25T23:00:00.000Z",
        "dateReserved": "2017-07-25T00:00:00.000Z",
        "dateUpdated": "2024-08-05T18:12:40.746Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }