PT-2021-21416 · Qpdf+5 · Qpdf+5

Bin2415

·

Published

2020-12-23

·

Updated

2025-08-27

·

CVE-2021-36978

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions QPDF versions 9.x through 9.1.1 QPDF versions 10.x through 10.0.4
Description The issue is a heap-based buffer overflow in Pl ASCII85Decoder::write, which is called from Pl AES PDF::flush and Pl AES PDF::finish, occurring when a certain downstream write fails.
Recommendations For QPDF versions 9.x through 9.1.1, update to a version later than 9.1.1 to resolve the issue. For QPDF versions 10.x through 10.0.4, update to a version later than 10.0.4 to resolve the issue. As a temporary workaround, consider restricting the use of the Pl ASCII85Decoder::write function until a patch is available.

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALT-PU-2021-1011
ALT-PU-2022-1049
ALT-PU-2023-4131
BDU:2025-10921
CVE-2021-36978
DLA-3548-1
OPENSUSE-SU-2022_2670-1
OPENSUSE-SU-2022_3248-1
SUSE-SU-2022:2669-1
SUSE-SU-2022:2670-1
SUSE-SU-2022:3248-1
SUSE-SU-2022_2669-1
SUSE-SU-2022_2670-1
SUSE-SU-2022_3248-1
USN-5026-1
USN-5026-2

Affected Products

Alt Linux
Linuxmint
Qpdf
Red Os
Suse
Ubuntu