High severity7.8NVD Advisory· Published Apr 10, 2018· Updated Jun 17, 2026
CVE-2018-9918
CVE-2018-9918
Description
libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects is not restricted.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- Range: <=8.0.2
- osv-coords3 versionspkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
< 7.1.1-3.11.1+ 2 more
- (no CPE)range: < 7.1.1-3.11.1
- (no CPE)range: < 7.1.1-3.11.1
- (no CPE)range: < 7.1.1-3.11.1
Patches
Vulnerability mechanics
References
3- github.com/qpdf/qpdf/commit/b4d6cf6836ce025ba1811b7bbec52680c7204223nvdPatch
- github.com/qpdf/qpdf/issues/202nvdExploitIssue TrackingPatchThird Party Advisory
- usn.ubuntu.com/3638-1/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.