PT-2017-4067 · Qpdf+3 · Qpdf+3

Agostino Sarubbo

·

Publicado

2017-05-23

·

Atualizado

2024-06-15

·

CVE-2017-9209

CVSS v3.1

5.5

Média

VetorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions QPDF version 6.0.0
Description The issue is related to an infinite recursion in the libqpdf.a component of the QPDF utility, which can lead to a denial of service. This can be triggered by a remote attacker using a crafted PDF document, affecting the QPDFObjectHandle::parseInternal function.
Recommendations For QPDF version 6.0.0, consider restricting the use of the libqpdf.a component until a patch is available to prevent potential denial of service attacks. As a temporary workaround, avoid processing untrusted or crafted PDF documents to minimize the risk of exploitation.

Correção

DoS

Infinite Loop

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-835

Identificadores relacionados

ALT-PU-2017-2228
BDU:2021-01403
CVE-2017-9209
MGASA-2017-0237
MGASA-2018-0145
OPENSUSE-SU-2024:11289-1
SUSE-SU-2018:3066-1
SUSE-SU-2018:3066-2
USN-3638-1

Produtos afetados

Alt Linux
Qpdf
Suse
Ubuntu