CVE-2018-9918

libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
References
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:qpdf_project:qpdf:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*

Information

Published : 2018-04-10 11:29

Updated : 2019-10-02 17:03


NVD link : CVE-2018-9918

Mitre link : CVE-2018-9918


JSON object : View

CWE
CWE-674

Uncontrolled Recursion

Advertisement

dedicated server usa

Products Affected

qpdf_project

  • qpdf

canonical

  • ubuntu_linux