PT-2017-4067 · Qpdf+3 · Qpdf+3

Agostino Sarubbo

·

Published

2017-05-23

·

Updated

2024-06-15

·

CVE-2017-9209

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions QPDF version 6.0.0
Description The issue is related to an infinite recursion in the libqpdf.a component of the QPDF utility, which can lead to a denial of service. This can be triggered by a remote attacker using a crafted PDF document, affecting the QPDFObjectHandle::parseInternal function.
Recommendations For QPDF version 6.0.0, consider restricting the use of the libqpdf.a component until a patch is available to prevent potential denial of service attacks. As a temporary workaround, avoid processing untrusted or crafted PDF documents to minimize the risk of exploitation.

Fix

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

ALT-PU-2017-2228
BDU:2021-01403
CVE-2017-9209
MGASA-2017-0237
MGASA-2018-0145
OPENSUSE-SU-2024:11289-1
SUSE-SU-2018:3066-1
SUSE-SU-2018:3066-2
USN-3638-1

Affected Products

Alt Linux
Qpdf
Suse
Ubuntu