libqpdf.a in QPDF up to and including 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote malicious users to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
qpdf project qpdf |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 17.10 |