Published: 23/05/2017 Updated: 03/10/2019

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

libqpdf.a in QPDF 6.0.0 allows remote malicious users to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qpdf project qpdf 6.0.0
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10

Several security issues were fixed in QPDF ...

Debian Bug report logs - #863390 qpdf: CVE-2017-9208 CVE-2017-9209 CVE-2017-9210 Package: src:qpdf; Maintainer for src:qpdf is Jay Berkenbilt <qjb@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Fri, 26 May 2017 05:00:02 UTC Severity: important Tags: fixed-upstream, security, upstream Found ...

Debian Bug report logs - #871320 qpdf: CVE-2017-11624 CVE-2017-11625 CVE-2017-11626 CVE-2017-11627 Package: src:qpdf; Maintainer for src:qpdf is Jay Berkenbilt <qjb@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 7 Aug 2017 15:45:04 UTC Severity: important Tags: fixed-upstream, security ...

CWE-835 https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/https://usn.ubuntu.com/3638-1/https://usn.ubuntu.com/3638-1/https://nvd.nist.gov

CVE-2017-9210

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect