Unrated severityNVD Advisory· Published Jul 22, 2022· Updated Aug 3, 2024
CVE-2022-34503
CVE-2022-34503
Description
QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.
Affected products
23(expand)+ 1 more
- (no CPE)
- (no CPE)range: = 8.4.2
- osv-coords21 versionspkg:rpm/opensuse/qpdf&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/qpdf&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/qpdf&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/qpdf&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/qpdf&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 8.0.2-150000.3.5.1+ 20 more
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 8.0.2-150000.3.5.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 7.1.1-3.8.1
- (no CPE)range: < 7.1.1-3.8.1
Patches
Vulnerability mechanics
References
1- github.com/qpdf/qpdf/issues/701mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.