Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

qpdf project qpdf vulnerabilities and exploits

(subscribe to this query)
6.8
CVSSv2
CVE-2017-12595
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote malicious users to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as...
Qpdf Project Qpdf 6.0.0Qpdf Project Qpdf 7.0.b1
4.3
CVSSv2
CVE-2015-9252
An issue exists in QPDF prior to 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2021-36978
QPDF 9.x up to and including 9.1.1 and 10.x up to and including 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18183
An issue exists in QPDF prior to 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18184
An issue exists in QPDF prior to 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18185
An issue exists in QPDF prior to 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18186
An issue exists in QPDF prior to 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-11627
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows malicious users to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
Qpdf Project Qpdf 6.0.0
NA
CVE-2021-25786
An issue exists in QPDF version 10.0.4, allows remote malicious users to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.
Qpdf Project Qpdf 10.0.4
4.3
CVSSv2
CVE-2018-18020
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote malicious users to cause a denial of service via a crafted PDF file.
Qpdf Project Qpdf 8.2.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463CVE-2024-3400deserializationCVE-2024-21788CVE-2023-42433CVE-2024-21841CVE-2024-22095local file inclusionmemory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook