CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2024-24246 – Ubuntu Security Notice USN-6713-1
https://notcve.org/view.php?id=CVE-2024-24246
29 Feb 2024 — Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h. La vulnerabilidad de desbordamiento de búfer de almacenamiento dinámico en qpdf 11.9.0 permite a los atacantes bloquear la aplicación a través de la función std::__shared_count() en /bits/shared_ptr_base.h. It was discovered that QPDF incorrectly handled certain memory operations when decoding JSON files. If a user or automated system were tricked int... • https://github.com/qpdf/qpdf/issues/1123 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2021-25786
https://notcve.org/view.php?id=CVE-2021-25786
11 Aug 2023 — An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf. • https://github.com/qpdf/qpdf/issues/492 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2022-34503
https://notcve.org/view.php?id=CVE-2022-34503
22 Jul 2022 — QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. Se ha detectado que QPDF versión v8.4.2, contiene un desbordamiento del búfer de la pila por medio de la función QPDF::processXRefStream. Esta vulnerabilidad permite a atacantes causar una denegación de servicio (DoS) por medio de un archivo PDF diseñado • https://github.com/qpdf/qpdf/issues/701 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-36978 – Gentoo Linux Security Advisory 202401-20
https://notcve.org/view.php?id=CVE-2021-36978
20 Jul 2021 — QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails. QPDF versiones 9.x hasta 9.1.1 y versiones 10.x hasta 10.0.4, presenta un desbordamiento de búfer en la región heap de la memoria en la función Pl_ASCII85Decoder::write (llamado desde Pl_AES_PDF::flush y Pl_AES_PDF::finish) cuando comete un fallo una determinada escritura descendente USN-5026-1 fixed several ... • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 • CWE-787: Out-of-bounds Write •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-18020 – Ubuntu Security Notice USN-5026-2
https://notcve.org/view.php?id=CVE-2018-18020
06 Oct 2018 — In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file. En QPDF 8.2.1, en libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject y QPDFWriter::unparseChild tienen llamadas recursivas durante mucho tiempo, lo que permite que atacantes remotos provoquen una denegación de servicio (DoS) mediante un archivo PDF manipulado. USN-5026-1 fixed several vulnerabili... • https://github.com/qpdf/qpdf/issues/243 • CWE-674: Uncontrolled Recursion •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-9918 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2018-9918
10 Apr 2018 — libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. libqpdf.a en QPDF hasta la versión 8.0.2 gestiona de manera incorrecta ciertos casos de "clave de diccionario esperada pero objeto sin nombre encontrado". Esto permite que los atacantes remotos provoquen una deneg... • https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18183 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18183
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay un bucle infinito en la función QPDFWriter::enqueueObject() en libqpdf/QPDFWriter.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18184 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18184
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay una lectura fuera de límites basada en pila en la función iterate_rc4 en QPDF_encryption.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18185 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18185
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay una gran lectura fuera de límites basada en memoria dinámica (heap) en la función Pl_Buffer::write en Pl_Buffer.cc. • https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18186 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18186
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay un bucle infinito debido a las tablas xref en bucle en QPDF.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •