qpdf project qpdf vulnerabilities and exploits
6.8
CVSSv2
CVE-2017-12595
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote malicious users to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as...
Qpdf Project Qpdf 6.0.0
Qpdf Project Qpdf 7.0.b1
4.3
CVSSv2
CVE-2015-9252
An issue exists in QPDF prior to 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2021-36978
QPDF 9.x up to and including 9.1.1 and 10.x up to and including 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18183
An issue exists in QPDF prior to 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18184
An issue exists in QPDF prior to 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18185
An issue exists in QPDF prior to 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-18186
An issue exists in QPDF prior to 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
Qpdf Project Qpdf
4.3
CVSSv2
CVE-2017-11627
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows malicious users to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
Qpdf Project Qpdf 6.0.0
NA
CVE-2021-25786
An issue exists in QPDF version 10.0.4 that allows remote malicious users to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.
Qpdf Project Qpdf 10.0.4
4.3
CVSSv2
CVE-2018-18020
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote malicious users to cause a denial of service via a crafted PDF file.
Qpdf Project Qpdf 8.2.1