CVE-2017-11624

Name of the Vulnerable Software and Affected Versions QPDF version 6.0.0

Description A stack-consumption issue was found in libqpdf, related to the QPDFTokenizer::resolveLiteral function, which can lead to a denial of service via a crafted file. This issue is associated with an "infinite loop" that occurs after two consecutive calls to QPDFObjectHandle::parseInternal. The exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For QPDF version 6.0.0, consider disabling the QPDFTokenizer::resolveLiteral function as a temporary workaround until a patch is available. Restrict access to crafted files that could exploit this issue to minimize the risk of denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.