Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 626180

Summary: app-text/qpdf:
Product: Gentoo Security Reporter: Christopher Díaz Riveros (RETIRED) <chrisadr>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: minor CC: printing
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://nvd.nist.gov/vuln/detail/CVE-2017-11626
Whiteboard: B3 [upstream cve]
Package list:
Runtime testing required: ---

Description Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-07-26 00:59:09 UTC
From URL:

A stack-consumption vulnerability was found in libqpdf in QPDF 6.0.0, which allows attackers to cause a denial of service via a crafted file, related to the QPDFTokenizer::resolveLiteral function in QPDFTokenizer.cc after four consecutive calls to QPDFObjectHandle::parseInternal, aka an "infinite loop."

References:

http://somevulnsofadlab.blogspot.jp/2017/07/qpdfan-infinite-loop-in-libqpdf_65.html
https://github.com/qpdf/qpdf/issues/119
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-10-14 01:22:43 UTC
Freeing CVE alias