CVE-2017-18183

Опубликовано: 12 авг. 2017

Источник: redhat

CVSS3: 3.3

EPSS Низкий

Описание

An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.

An unbounded recursion flaw leading to stack exhaustion was found in the way QPDF parsed PDF files. An attacker could potentially use this flaw to crash QPDF by tricking it into processing crafted QPDF files.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	qpdf	Will not fix
Red Hat Enterprise Linux 8	qpdf	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-400

https://bugzilla.redhat.com/show_bug.cgi?id=1545272qpdf: Infinite Loop in QPDFWriter::enqueueObject in libqpdf/QPDFWriter.cc

EPSS

Процентиль: 56%

0.00338

Низкий

3.3 Low

CVSS3

Связанные уязвимости

CVE-2017-18183

CVSS3: 5.5

ubuntu

почти 8 лет назад

An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.

CVE-2017-18183

CVSS3: 5.5

nvd

почти 8 лет назад

An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.

CVE-2017-18183

CVSS3: 5.5

debian

почти 8 лет назад

An issue was discovered in QPDF before 7.0.0. There is an infinite loo ...

GHSA-c873-f884-8r22

CVSS3: 5.5

github

больше 3 лет назад

An issue was discovered in QPDF before 7.0.0. There is an infinite loop in the QPDFWriter::enqueueObject() function in libqpdf/QPDFWriter.cc.

EPSS

Процентиль: 56%

0.00338

Низкий

3.3 Low

CVSS3