Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
qpdf project qpdf vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2017-12595
The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote malicious users to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as...
Qpdf Project Qpdf 6.0.0
Qpdf Project Qpdf 7.0.b1
5.5
CVSSv3
CVE-2017-18184
An issue exists in QPDF prior to 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
Qpdf Project Qpdf
5.5
CVSSv3
CVE-2021-36978
QPDF 9.x up to and including 9.1.1 and 10.x up to and including 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
Qpdf Project Qpdf
5.5
CVSSv3
CVE-2017-18183
An issue exists in QPDF prior to 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
Qpdf Project Qpdf
5.5
CVSSv3
CVE-2017-18185
An issue exists in QPDF prior to 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
Qpdf Project Qpdf
5.5
CVSSv3
CVE-2017-18186
An issue exists in QPDF prior to 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc.
Qpdf Project Qpdf
5.5
CVSSv3
CVE-2015-9252
An issue exists in QPDF prior to 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
Qpdf Project Qpdf
3.3
CVSSv3
CVE-2018-18020
In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote malicious users to cause a denial of service via a crafted PDF file.
Qpdf Project Qpdf 8.2.1
5.5
CVSSv3
CVE-2017-11624
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows malicious users to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInte...
Qpdf Project Qpdf 6.0.0
5.5
CVSSv3
CVE-2017-11625
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows malicious users to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
Qpdf Project Qpdf 6.0.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »