PT-2024-20324 · Qpdf+3 · Qpdf+3

Chen Zhiyuan

Published

2024-02-29

Updated

2025-01-27

CVE-2024-24246

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions qpdf version 11.9.0

Description The issue allows attackers to crash the application via the std:: shared count() function at /bits/shared ptr base.h. This is a Heap Buffer Overflow vulnerability.

Recommendations For qpdf version 11.9.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787CWE-122

Related Identifiers

ALT-PU-2024-5896

CVE-2024-24246

MGASA-2024-0076

ROSA-SA-2025-2593

USN-6713-1

Affected Products

Alt Linux

Debian

Ubuntu

Qpdf

PT-2024-20324 · Qpdf+3 · Qpdf+3

CVE-2024-24246

Weakness Enumeration

Related Identifiers

Affected Products

References · 25