oval:org.secpod.oval:def:704067
qpdf is installed
oval:org.secpod.oval:def:2001125 An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
oval:org.secpod.oval:def:2001422 An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
oval:org.secpod.oval:def:2000012 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loo ...
oval:org.secpod.oval:def:2000573 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
oval:org.secpod.oval:def:704066 qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF.
oval:org.secpod.oval:def:52041 qpdf: tools for transforming and inspecting PDF files Several security issues were fixed in QPDF.
oval:org.secpod.oval:def:2000608 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
oval:org.secpod.oval:def:2000948 The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqp ...
oval:org.secpod.oval:def:2000617 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.
oval:org.secpod.oval:def:2000109 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.
oval:org.secpod.oval:def:2000844 An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject function in libqpdf/QPDFWriter.cc.
oval:org.secpod.oval:def:2000941 libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.
oval:org.secpod.oval:def:2001177 A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite lo ...
oval:org.secpod.oval:def:2000466 An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
oval:org.secpod.oval:def:2000686 libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service, related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
oval:org.secpod.oval:def:2001555 In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.
oval:org.secpod.oval:def:708850 qpdf: tools for transforming and inspecting PDF files QPDF could be made to crash or run programs if it opened a specially crafted file.