CVE-2018-9918
https://notcve.org/view.php?id=CVE-2018-9918
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
• https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223 https://github.com/qpdf/qpdf/issues/202 https://usn.ubuntu.com/3638-1
• CWE-674: Uncontrolled Recursion
CVE-2017-18184
https://notcve.org/view.php?id=CVE-2017-18184
An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc.
• https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317 https://github.com/qpdf/qpdf/issues/147 https://usn.ubuntu.com/3638-1
• CWE-125: Out-of-bounds Read
CVE-2017-18183
https://notcve.org/view.php?id=CVE-2017-18183
An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.
• https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481 https://github.com/qpdf/qpdf/issues/143 https://usn.ubuntu.com/3638-1
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2017-18185
https://notcve.org/view.php?id=CVE-2017-18185
An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter.
• https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71 https://github.com/qpdf/qpdf/issues/150 https://usn.ubuntu.com/3638-1
• CWE-125: Out-of-bounds Read
CVE-2015-9252
https://notcve.org/view.php?id=CVE-2015-9252
An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.
• https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e https://github.com/qpdf/qpdf/issues/51 https://usn.ubuntu.com/3638-1
• CWE-399: Resource Management Errors