Qpdf Project

Qpdf

19 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.5

CVE-2015-9252

  • EPSS 0.31%
  • Published 13.02.2018 19:29:00
  • Last modified 21.11.2024 02:40:09

An issue was discovered in QPDF before 7.0.0. Endless recursion causes stack exhaustion in QPDFTokenizer::resolveLiteral() in QPDFTokenizer.cc, related to the QPDF::resolve function in QPDF.cc.

7.8

CVE-2017-12595

  • EPSS 0.97%
  • Published 27.08.2017 15:29:00
  • Last modified 20.04.2025 01:37:25

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a...

5.5

CVE-2017-11627

Exploit
  • EPSS 0.29%
  • Published 25.07.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."

5.5

CVE-2017-11626

Exploit
  • EPSS 0.34%
  • Published 25.07.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QP...

5.5

CVE-2017-11625

Exploit
  • EPSS 0.31%
  • Published 25.07.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."

5.5

CVE-2017-11624

Exploit
  • EPSS 0.32%
  • Published 25.07.2017 23:29:00
  • Last modified 20.04.2025 01:37:25

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPD...

5.5

CVE-2017-9208

  • EPSS 0.43%
  • Published 23.05.2017 04:29:04
  • Last modified 20.04.2025 01:37:25

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to releaseResolved functions, aka qpdf-infiniteloop1.

5.5

CVE-2017-9210

  • EPSS 0.28%
  • Published 23.05.2017 04:29:04
  • Last modified 20.04.2025 01:37:25

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to unparse functions, aka qpdf-infiniteloop3.

5.5

CVE-2017-9209

  • EPSS 0.23%
  • Published 23.05.2017 04:29:04
  • Last modified 20.04.2025 01:37:25

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.