CVE-2021-25786

Опубликовано: 11 авг. 2023

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

Ссылки

https://github.com/qpdf/qpdf/issues/492
Exploit
Issue Tracking
Patch
https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html
Mailing List
Third Party Advisory
https://github.com/qpdf/qpdf/issues/492
Exploit
Issue Tracking
Patch
https://lists.debian.org/debian-lts-announce/2023/08/msg00037.html
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qpdf_project:qpdf:10.0.4:*:*:*:*:*:*:*

EPSS

Процентиль: 53%

0.00302

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-416

Связанные уязвимости

CVE-2021-25786

CVSS3: 5.3

ubuntu

почти 2 года назад

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

CVE-2021-25786

CVSS3: 5.3

redhat

почти 2 года назад

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

CVE-2021-25786

CVSS3: 5.3

debian

почти 2 года назад

An issue was discovered in QPDF version 10.0.4, allows remote attacker ...

ROS-20250403-02

CVSS3: 5.3

redos

3 месяца назад

Уязвимость qpdf

GHSA-f3pg-6m52-2j62

CVSS3: 8.8

github

почти 2 года назад

An issue was discovered in QPDF version 10.0.4, allows remote attackers to execute arbitrary code via crafted .pdf file to Pl_ASCII85Decoder::write parameter in libqpdf.

EPSS

Процентиль: 53%

0.00302

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-416