CVE-2021-36978
Severity Score
5.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Track
*SSVC
Descriptions
QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.
QPDF versiones 9.x hasta 9.1.1 y versiones 10.x hasta 10.0.4, presenta un desbordamiento de búfer en la región heap de la memoria en la función Pl_ASCII85Decoder::write (llamado desde Pl_AES_PDF::flush y Pl_AES_PDF::finish) cuando comete un fallo una determinada escritura descendente
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Track
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-07-20 CVE Reserved
- 2021-07-20 CVE Published
- 2024-04-04 EPSS Updated
- 2024-10-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| https://github.com/google/oss-fuzz-vulns/blob/main/vulns/qpdf/OSV-2020-2245.yaml | Third Party Advisory | |
| https://github.com/qpdf/qpdf/issues/492 | ||
| https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28262 | 2024-01-15 | |
| https://github.com/qpdf/qpdf/commit/dc92574c10f3e2516ec6445b88c5d584f40df4e5 | 2024-01-15 |
| URL | Date | SRC |
|---|---|---|
| https://security.gentoo.org/glsa/202401-20 | 2024-01-15 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qpdf Project Search vendor "Qpdf Project" | Qpdf Search vendor "Qpdf Project" for product "Qpdf" | >= 9.0.0 <= 9.1.1 Search vendor "Qpdf Project" for product "Qpdf" and version " >= 9.0.0 <= 9.1.1" | - |
Affected
| ||||||
| Qpdf Project Search vendor "Qpdf Project" | Qpdf Search vendor "Qpdf Project" for product "Qpdf" | >= 10.0.0 <= 10.0.4 Search vendor "Qpdf Project" for product "Qpdf" and version " >= 10.0.0 <= 10.0.4" | - |
Affected
| ||||||