Описание
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| qpdf | fixed | 7.0~b1-1 | experimental | package |
| qpdf | fixed | 7.0.0-1 | package | |
| qpdf | no-dsa | stretch | package | |
| qpdf | no-dsa | jessie | package | |
| qpdf | no-dsa | wheezy | package |
Примечания
https://github.com/qpdf/qpdf/issues/120
EPSS
Связанные уязвимости
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
Уязвимость функции QPDF::resolveObjectsInStream утилиты командной строки для преобразования PDF документов QPDF, связанная с бесконечной работой цикла, позволяющая нарушителю вызвать отказ в обслуживании
EPSS