rpm package
suse/qpdf&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-34503 | — | | | < 7.1.1-3.8.1 | 7.1.1-3.8.1 | Jul 22, 2022 | QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. |
| CVE-2021-36978 | — | | | < 7.1.1-3.8.1 | 7.1.1-3.8.1 | Jul 20, 2021 | QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails. |
| CVE-2018-9918 | High | 7.8 | | < 7.1.1-3.11.1 | 7.1.1-3.11.1 | Apr 10, 2018 | libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects |