CVE-2021-25786

Published: 11 Aug 2023
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.

A flaw was found in the qpdf package. This issue may allow attackers to crash the system or execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | qpdf | Out of support scope | | |
| Red Hat Enterprise Linux 8 | qpdf | Will not fix | | |
| Red Hat Enterprise Linux 9 | qpdf | Will not fix | | |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=2231536 qpdf: Heap use after free in Pl_ASCII85Decoder::write

EPSS

Percentile: 53%
0.00302
Low

CVSS3

5.3 Medium

Related vulnerabilities

CVSS3: 5.3
ubuntu
almost 2 years ago

An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.

CVSS3: 5.3
nvd
almost 2 years ago

An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.

CVSS3: 5.3
debian
almost 2 years ago

An issue was discovered in QPDF version 10.0.4, allows remote attacker ...

CVSS3: 5.3
redos
3 months ago

qpdf vulnerability

CVSS3: 8.8
github
almost 2 years ago

An issue was discovered in QPDF version 10.0.4 that allows remote attackers to execute arbitrary code via a crafted .pdf file to the Pl_ASCII85Decoder::write parameter in libqpdf.
