CVE-2024-24246

Published: 29 Feb 2024
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

A flaw was found in qpdf. Processing a specially crafted JSON file using the --json-input command line option may lead to a heap-based buffer over-read, resulting in an application crash.

Report

The qpdf packages as shipped in Red Hat Enterprise Linux 8 and 9 are not affected by this vulnerability because the support of generating PDFs based on JSON was introduced in a newer version of qpdf.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | qpdf | Out of support scope | | |
| Red Hat Enterprise Linux 8 | qpdf | Not affected | | |
| Red Hat Enterprise Linux 9 | qpdf | Not affected | | |

Additional information

Status: Moderate
Defect: CWE-126
https://bugzilla.redhat.com/show_bug.cgi?id=2267204 qpdf: Heap Buffer Overflow vulnerability in qpdf

EPSS: 0.00074 (percentile: 22%, Low)

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 5.5
ubuntu
almost 2 years ago

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

CVSS3: 5.5
nvd
almost 2 years ago

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.

CVSS3: 5.5
debian
almost 2 years ago

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to ...

CVSS3: 5.5
github
almost 2 years ago

Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.
