CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-12595

The tokenizer in QPDF 6.0.0 and 7.0.b1 is recursive for arrays and dictionaries, which allows remote attackers to cause a denial of service (stack consumption and segmentation fault) or possibly have unspecified other impact via a PDF document with a deep data structure, as demonstrated by a crash in QPDFObjectHandle::parseInternal in libqpdf/QPDFObjectHandle.cc.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.01

EPSS Ranking 75.7%

CVSS Severity

CVSS v3 Score 7.8

CVSS v2 Score 6.8

References

https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b
https://github.com/qpdf/qpdf/issues/146
https://usn.ubuntu.com/3638-1/
https://github.com/qpdf/qpdf/commit/ad527a64f93dca12f6aabab2ca99ae5eb352ab4b
https://github.com/qpdf/qpdf/issues/146
https://usn.ubuntu.com/3638-1/

Products affected by CVE-2017-12595

Qpdf Project » Qpdf » Version: 6.0.0

cpe:2.3:a:qpdf_project:qpdf:6.0.0
Qpdf Project » Qpdf » Version: 7.0.b1

cpe:2.3:a:qpdf_project:qpdf:7.0.b1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-12595

Products

Pricing

Contact Us