A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows malicious users to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qpdf project qpdf 6.0.0 |