Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2021-25786

Published: 11/08/2023 Updated: 27/09/2023
CVSS v3 Base Score: 5.3 | Impact Score: 3.4 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

An issue exists in QPDF version 10.0.4, allows remote malicious users to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

qpdf project qpdf 10.0.4

Vendor Advisories

Amazon Linux 2: ALAS-2024-2409
An issue was discovered in QPDF version 1004, allows remote attackers to execute arbitrary code via crafted pdf file to Pl_ASCII85Decoder::write parameter in libqpdf (CVE-2021-25786) ...
Red Hat:
DescriptionThe MITRE CVE dictionary describes this issue as: An issue was discovered in QPDF version 1004, allows remote attackers to execute arbitrary code via crafted pdf file to Pl_ASCII85Decoder::write parameter in libqpdf ...

References

CWE-416https://github.com/qpdf/qpdf/issues/492https://lists.debian.org/debian-lts-announce/2023/08/msg00037.htmlhttps://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2024-2409.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
bypassopen redirectCVE-2024-4358CVE-2024-24199CVE-2024-5550CVE-2024-5305CVE-2024-30373CVE-2024-1800deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook