Jump to:

CVE-2018-18020

Jump to:

CVE-2018-18020

Package qpdf updated to version 8.3.0-alt1 for branch sisyphus in task 219654.

Published: 2018-10-06
Modified: 2024-11-21

CVE-2018-18020

In QPDF 8.2.1, in libqpdf/QPDFWriter.cc, QPDFWriter::unparseObject and QPDFWriter::unparseChild have recursive calls for a long time, which allows remote attackers to cause a denial of service via a crafted PDF file.

Severity: LOW (3.3) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

References:

https://github.com/qpdf/qpdf/issues/243
https://github.com/qpdf/qpdf/issues/243
[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update
[debian-lts-announce] 20230829 [SECURITY] [DLA 3548-1] qpdf security update

Version: 2.1.0

Package qpdf update in sisyphus on 2019-01-20

ALT-PU-2019-1083-1

Closed vulnerabilities

CVE-2018-18020