CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-9918 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2018-9918
10 Apr 2018 — libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted. libqpdf.a en QPDF hasta la versión 8.0.2 gestiona de manera incorrecta ciertos casos de "clave de diccionario esperada pero objeto sin nombre encontrado". Esto permite que los atacantes remotos provoquen una deneg... • https://github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223 • CWE-674: Uncontrolled Recursion •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-9252 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2015-9252
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. La recursión infinita provoca el agotamiento de la pila en QPDFTokenizer::resolveLiteral() en QPDFTokenizer.cc, que se relaciona con la función QPDF::resolve en QPDF.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/701b518d5c56a1449825a3a37a716c58e05e1c3e • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18183 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18183
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay un bucle infinito en la función QPDFWriter::enqueueObject() en libqpdf/QPDFWriter.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/8249a26d69f72b9cda584c14cc3f12769985e481 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18184 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18184
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is a stack-based out-of-bounds read in the function iterate_rc4 in QPDF_encryption.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay una lectura fuera de límites basada en pila en la función iterate_rc4 en QPDF_encryption.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/dea704f0ab7f625e1e7b3f9a1110b45b63157317 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18185 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18185
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is a large heap-based out-of-bounds read in the Pl_Buffer::write function in Pl_Buffer.cc. It is caused by an integer overflow in the PNG filter. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay una gran lectura fuera de límites basada en memoria dinámica (heap) en la función Pl_Buffer::write en Pl_Buffer.cc. • https://github.com/qpdf/qpdf/commit/ec7d74a386c0b2f38990079c3b0d2a2b30be0e71 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-18186 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-18186
13 Feb 2018 — An issue was discovered in QPDF before 7.0.0. There is an infinite loop due to looping xref tables in QPDF.cc. Se ha descubierto un problema en versiones anteriores a la 7.0.0 de QPDF. Hay un bucle infinito debido a las tablas xref en bucle en QPDF.cc. It was discovered that QPDF incorrectly handled certain malformed files. • https://github.com/qpdf/qpdf/commit/85f05cc57ffa0a863d9d9b23e73acea9410b2937 • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-12595 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-12595
27 Aug 2017 — The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc. El tokenizador en QPDF 6.0.0 y 7.0.b1 es recursivo para los arrays y diccionarios, lo que permite a los atacantes remotos provocar una denegación ... • https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-11624 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-11624
25 Jul 2017 — A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." Se ha detectado una vulnerabilidad de consumo de pila en libqpdf en QPDF 6.0.0, lo que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado. Esto está relacionad... • http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-11625 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-11625
25 Jul 2017 — A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop." Se ha detectado una vulnerabilidad de consumo de pila en libqpdf en QPDF 6.0.0, lo que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado. Esto está relacionado con la función QPDF::resolveObjectsInStream en QPDF.cc. Esto también se... • http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 2CVE-2017-11626 – Ubuntu Security Notice USN-3638-1
https://notcve.org/view.php?id=CVE-2017-11626
25 Jul 2017 — A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop." Se ha detectado una vulnerabilidad de consumo de pila en libqpdf en QPDF 6.0.0, lo que permite que los atacantes provoquen una denegación de servicio (DoS) mediante un archivo manipulado. Esto está relaciona... • http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •