VYPR

rpm package

suse/qpdf&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5

pkg:rpm/suse/qpdf&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5

Vulnerabilities (3)

  • CVE-2022-34503Jul 22, 2022
    affected < 7.1.1-3.8.1fixed 7.1.1-3.8.1

    QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

  • CVE-2021-36978Jul 20, 2021
    affected < 7.1.1-3.8.1fixed 7.1.1-3.8.1

    QPDF 9.x through 9.1.1 and 10.x through 10.0.4 has a heap-based buffer overflow in Pl_ASCII85Decoder::write (called from Pl_AES_PDF::flush and Pl_AES_PDF::finish) when a certain downstream write fails.

  • CVE-2018-9918HigApr 10, 2018
    affected < 7.1.1-3.11.1fixed 7.1.1-3.11.1

    libqpdf.a in QPDF through 8.0.2 mishandles certain "expected dictionary key but found non-name object" cases, allowing remote attackers to cause a denial of service (stack exhaustion), related to the QPDFObjectHandle and QPDF_Dictionary classes, because nesting in direct objects