Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Qpdf Project Subscribe
Filtered by product Qpdf
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-34503 1 Qpdf Project 1 Qpdf 2022-07-28 N/A 6.5 MEDIUM
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
CVE-2021-36978 1 Qpdf Project 1 Qpdf 2021-07-29 4.3 MEDIUM 5.5 MEDIUM
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
CVE-2018-18020 1 Qpdf Project 1 Qpdf 2020-08-24 4.3 MEDIUM 3.3 LOW
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
CVE-2017-11624 1 Qpdf Project 1 Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-18183 1 Qpdf Project 1 Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
CVE-2017-11625 1 Qpdf Project 1 Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
CVE-2017-11626 1 Qpdf Project 1 Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
CVE-2017-18186 1 Qpdf Project 1 Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
CVE-2017-9208 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
CVE-2017-9209 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
CVE-2017-9210 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
CVE-2018-9918 2 Canonical, Qpdf Project 2 Ubuntu Linux, Qpdf 2019-10-02 6.8 MEDIUM 7.8 HIGH
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
CVE-2017-11627 1 Qpdf Project 1 Qpdf 2019-10-02 4.3 MEDIUM 5.5 MEDIUM
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
CVE-2017-18185 1 Qpdf Project 1 Qpdf 2018-05-08 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
CVE-2017-12595 1 Qpdf Project 1 Qpdf 2018-05-08 6.8 MEDIUM 7.8 HIGH
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.
CVE-2017-18184 1 Qpdf Project 1 Qpdf 2018-05-08 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
CVE-2015-9252 1 Qpdf Project 1 Qpdf 2018-05-08 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.