Package qpdf updated to version 9.0.0-alt1 for branch sisyphus in task 236748.

Published: 2022-07-22

BDU:2022-05225

Уязвимость функции QPDF::processXRefStream утилиты командной строки для преобразования PDF документов QPDF, позволяющая нарушителю вызвать отказ в обслуживании

Severity: MEDIUM (6.5) Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Severity: HIGH (7.8) Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

References:

CVE-2022-34503

Published: 2022-07-22
Modified: 2024-11-21

CVE-2022-34503

QPDF v8.4.2 was discovered to contain a heap buffer overflow via the function QPDF::processXRefStream. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file.

Severity: MEDIUM (6.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References:

https://github.com/qpdf/qpdf/issues/701
https://github.com/qpdf/qpdf/issues/701

Version: 2.1.2

Package qpdf update in sisyphus on 2019-09-03

ALT-PU-2019-2616-1

Closed vulnerabilities

BDU:2022-05225

CVE-2022-34503