Vulnerability Details CVE-2017-11627
A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the PointerHolder function in PointerHolder.hh, aka an "infinite loop."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 52.4%
CVSS Severity
CVSS v3 Score 5.5
CVSS v2 Score 4.3
References
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
- https://github.com/qpdf/qpdf/issues/118
- https://usn.ubuntu.com/3638-1/
- http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_21.html
- https://github.com/qpdf/qpdf/issues/118
- https://usn.ubuntu.com/3638-1/
Products affected by CVE-2017-11627
-
cpe:2.3:a:qpdf_project:qpdf:6.0.0