Vulnerability Details CVE-2017-11624
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after two consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 56.0%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html
- https://github.com/qpdf/qpdf/issues/117
- https://usn.ubuntu.com/3638-1/
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf.html
- https://github.com/qpdf/qpdf/issues/117
- https://usn.ubuntu.com/3638-1/
Products affected by CVE-2017-11624
-
cpe:2.3:a:qpdf_project:qpdf:6.0.0