PT-2022-4365 · Qpdf+3

Chingggo · Published 2019-09-03 · Updated 2024-08-09 · CVE-2022-34503

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions: QPDF version v8.4.2

Description: The issue is a heap buffer overflow in the function QPDF::processXRefStream. It allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. The vulnerability is associated with a missing release of a resource after its effective lifetime.

Recommendations: For QPDF version v8.4.2, consider disabling the QPDF::processXRefStream function until a patch is available, to prevent potential Denial of Service (DoS) attacks via crafted PDF files. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Memory Corruption

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related Identifiers

ALT-PU-2019-2616
BDU:2022-05225
CVE-2022-34503
OESA-2024-1965
OESA-2024-1966
OESA-2024-1967
OESA-2024-1968
OPENSUSE-SU-2022_2670-1
SUSE-SU-2022:2669-1
SUSE-SU-2022:2670-1

Affected Products

Alt Linux
Astra Linux
Qpdf
Suse