Vulnerability Details CVE-2017-11625
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDF::resolveObjectsInStream function in QPDF.cc, aka an "infinite loop."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.3%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html
- https://github.com/qpdf/qpdf/issues/120
- https://usn.ubuntu.com/3638-1/
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_26.html
- https://github.com/qpdf/qpdf/issues/120
- https://usn.ubuntu.com/3638-1/
Products affected by CVE-2017-11625
-
cpe:2.3:a:qpdf_project:qpdf:6.0.0