CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2017-9209

libqpdf.a in QPDF 6.0.0 allows remote attackers to cause a denial of service (infinite recursion and stack consumption) via a crafted PDF document, related to QPDFObjectHandle::parseInternal, aka qpdf-infiniteloop2.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 46.0%

CVSS Severity

CVSS v3 Score 5.5

CVSS v2 Score 4.3

References

https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/
https://usn.ubuntu.com/3638-1/
https://blogs.gentoo.org/ago/2017/05/21/qpdf-three-infinite-loop-in-libqpdf/
https://usn.ubuntu.com/3638-1/

Products affected by CVE-2017-9209

Qpdf Project » Qpdf » Version: 6.0.0

cpe:2.3:a:qpdf_project:qpdf:6.0.0
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2017-9209

Products

Pricing

Contact Us